DeSENSORtised: Why the 'Internet of Things' will FAIL without IPv6

For more than 20 years, it has been clear that the internet will eventually run out of public IPv4 addresses. Despite that limit, online businesses have been slow to adopt IPv6, which has an abundance of addresses by comparison. Now that tech companies are eager to use the phrase "Internet of Things" (IoT) or the "Internet of …

COMMENTS

  1. malle-herbert Silver badge
    Joke

    Running out of addresses might sometimes be a good thing...

    http://xkcd.com/865/

    1. boltar Silver badge

      Re: Running out of addresses might sometimes be a good thing...

      OK, I know this is offtopic, but that cartoon conjures up the old grey goo scare scenario about replicating machines just constantly replicating until the whole earth is covered in them and the result of their materials processing. Guess what - it already happened, about 3 billion years ago. The "nanobots" are called bacteria and the goo isn't grey - it's brown, and we call it mud.

      Getting back on topic - IPv6 addresses are just too complicated for even a lot of net admins to grok. No one likes entering hex codes, even dyed in the wool hackers. And even today I find myself using raw IP4 addresses a lot internally when machines haven't been assigned a DNS address. I *really* don't want to be doing that with IP6. And what's with the whole link local address BS anyway?

      1. Anonymous Coward

        Re: Running out of addresses might sometimes be a good thing...

        Internal address allocation:

        ::0.0.0.0 to ::255.255.255.255 (with the usual exceptions of course)

        Router adds TLA before heading out to internet - job done. Not that hard really.

      2. RAMChYLD

        Re: Running out of addresses might sometimes be a good thing...

        The bigger problem with IPV6 is that there is no reliable documentation on how to set it up the way one would with IPV4 and that there are some weird taboos that don't exist with v4 that make v6 a pain to work with. For example, my network is protected by a dual-homed firewall proxy running OpenBSD (one public-facing interface and one private-facing interface) which interfaces with a router provided by my telco and acts as a secondary firewall to keep guests out of my home lab's network. The public facing site is DHCP while the private facing site is static. Apparently, to have it route IPV6, both interfaces have to be static - I cannot have the public-facing interface use RTSOL to receive the settings from the router. But for some reason I cannot set up the public interface statically, the ISP-provided router refuses to recognize the firewall box if the settings are manually set instead of set through RTSOL.

        Seriously, I can have the public-facing interface on DHCP while the private interface on static with IPV4. Why am I not allowed to do that with the IPV6 equivalent (RTSOL on public and static on private)?

        Although I must say, my current improvisation seems to be alright (using Squid on the firewall as a 4-to-6 bridge). But surely there's a better way?

        1. Decade
          Unhappy

          Re: Running out of addresses might sometimes be a good thing...

          @RAMChYLD

          Unfortunately, the majority of IPv6 engineers come from enterprises and large research organizations, and are several degrees of separation removed from the concerns of SMB and normal households. So, much of the IPv6 deployment involves manual address entry. Also, I think there's something wrong with your ISP-provided router.

          It looks like the real "solution" is DHCPv6-PD. The router receives from the ISP's upstream router an address and a prefix via DHCP. Then it is free to use that prefix however it's configured. To get the DHCPv6-PD assignment, you probably have to turn off any routing fanciness in your ISP-provided router, and use it as a dumb modem. I haven't heard of CPE using DHCPv6-PD to assign subnets within a network.

          IPv6 addresses are bountiful, but they're not infinite. A lot of the address space is restricted for various amusing reasons. In particular, fully half of the IPv6 address is recommended to be set aside for the subnet. (No more /24, /20, /16, /8: /64 for everyone.) SLAAC depends on that allocation scheme. That leaves not a lot of address space for the average small business. And when a bunch of ISPs are allocating only a /60 or even just a single /64, there is no alternative but to wrangle the addresses manually.

          1. ZeroSum

            Re: Running out of addresses might sometimes be a good thing...

            Haven't heard of any ISP that provides IPv6 not using DHCPv6-PD (prefix delegation).

          2. RAMChYLD

            Re: Running out of addresses might sometimes be a good thing...

            @Decade

            Well, I think the router's IPV6 support is experimental at best. The only option provided in the IPV6 pane is a checkbox to enable or disable IPV6 and nothing else.

            Thing is, the way I attempted to do this is to configure all my lab machines with a static IPV6 address like I would with IPV4 (I got my /64 from this one website that generates IPV6 ranges - come to think of it I don't know now if that was a good idea and if it's a good idea to take the site seriously), and then point the gateway towards the IPV6 address of the firewall. However, the plan hit a snag when OpenBSD's documentation said that I can't use RTSOL and IPV6 forwarding at the same time.

      3. Decade
        Boffin

        Hex codes are a good thing

        The aversion to hex codes is confounding.

        Any competent computer scientist learns hex code. If you don't understand hex, then you shouldn't be holding technical opinions. And average people can't understand normal IP addresses anyway; as far as they're concerned, the dotted quads are hieroglyphs. IPv4 just has shorter hieroglyphic names than IPv6 does.

        I find hex codes to be much easier to work with. Each character stands for a unique 4 bits of address. Most allocations are done along half-octet boundaries (prefixes divisible by 4: /32, /40, /48, /56, /60, /64) so each character in the prefix is the same for every host in the network, except for the trailing zeroes in the prefix. Contrast that with IPv4's decimal addresses, where each decimal digit covers several binary digits partially. And IPv4's paucity of addresses means subnets get allocated on awkward bit boundaries.

        Concrete example time. Let's say you get allocated 2001:db8:abcd:ef00::/56. Every host on your network will have 2001:db8:abcd:ef00: at the beginning of the address, only varying in the last 16 hex digits, because each subnet is recommended to use 64 bits. If you have more subnets, then the two zeroes at the end of the prefix will change to the subnet address, but otherwise they will all have the same prefix. With the recommended allocation, you have 256 subnets to play with; or you could manually use those 72 bits however you want.

        Let's contrast this with IPv4, an allocation of 172.16.64.0/21. Some hosts could have 172.16.65 at the beginning of the address, and others could have 172.16.70, but none will have 172.16.72. Not to mention network masks for hosts that still use those: If you want the final 11 bits to be host address, the mask will be 255.255.248.0, but if you want 10 bits for host address, the mask is 255.255.252.0. You need to do decimal to binary conversions whenever you work with IPv4 addresses. And you have far fewer subnets to play with, or far fewer hosts per subnet.

        Hex digits are way easier to use. The vast address space of IPv6 makes it even easier to use. It's not the complexity of the technology that's holding it back, but laziness.
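
The prefix arithmetic in the post above, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original comment; the function names are hypothetical and the addresses are the ones the post uses.

```python
import ipaddress


def fixed_hex_digits(cidr):
    """Hex digits shared by every address in a nibble-aligned IPv6 prefix."""
    net = ipaddress.ip_network(cidr)
    if net.version != 6:
        raise ValueError("the hex-digit view only applies to IPv6")
    if net.prefixlen % 4:
        # e.g. a /62 ends in the middle of a hex digit, so that digit varies
        raise ValueError(f"/{net.prefixlen} does not end on a hex-digit boundary")
    digits = net.network_address.exploded.replace(":", "")
    return digits[: net.prefixlen // 4]


def carve(cidr, new_prefix):
    """Split an allocation into equal subnets and return (count, first, last)."""
    net = ipaddress.ip_network(cidr)
    subnets = list(net.subnets(new_prefix=new_prefix))
    return len(subnets), str(subnets[0]), str(subnets[-1])


def mask_for_host_bits(host_bits):
    """Dotted-decimal IPv4 netmask that leaves host_bits for the host part."""
    return str(ipaddress.ip_network(f"0.0.0.0/{32 - host_bits}").netmask)


def third_octet_range(cidr):
    """Lowest and highest third octet that occurs inside an IPv4 allocation."""
    net = ipaddress.ip_network(cidr)
    return net.network_address.packed[2], net.broadcast_address.packed[2]


def contains(cidr, address):
    """True if address falls inside the allocation."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr)


if __name__ == "__main__":
    v6 = "2001:db8:abcd:ef00::/56"
    v4 = "172.16.64.0/21"

    # IPv6: 14 hex digits are constant, the next two select the /64 subnet.
    print("fixed digits :", fixed_hex_digits(v6))
    print("/64 subnets  :", carve(v6, 64))

    # IPv4: the allocation boundary falls inside the third decimal octet.
    print("third octet  :", third_octet_range(v4))
    print("/24 subnets  :", carve(v4, 24))
    print("11 host bits :", mask_for_host_bits(11))
    print("10 host bits :", mask_for_host_bits(10))
    print("172.16.70.9  :", contains(v4, "172.16.70.9"))
    print("172.16.72.1  :", contains(v4, "172.16.72.1"))
```

The same functions are useful when writing firewall or ACL rules: a nibble-aligned IPv6 prefix can be checked by eye against the literal address, while the IPv4 /21 needs the mask computed first.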

        1. Yet Another Anonymous coward Silver badge

          Re: Hex codes are a good thing

          I don't think it's that they are in hex that is the problem - it's that they are a million digits long. Which is a bit annoying if you have to manually configure lots of machines and remember if the printer is 2001:0db8:3c4d:0015:1234:4321:abcd:ef12 or 2001:0db8:3c4d:0015:1234:4321:abcd:ef12

          I understand DNA bases and hold technical opinions about them - but I find it a lot easier to call my wife by her first name than shout out 3Billion base pairs to identify her.

          1. ZeroSum

            Re: Hex codes are a good thing

            There's no need to use an address that long when doing it manually. The last half of it can be a low number.

            e.g.

            2001:db8:123:456::7

            192.168.1.7

            Not much worse than a RFC1918 address to input.

  2. This post has been deleted by a moderator

  3. Brewster's Angle Grinder Silver badge
    Facepalm

    Security through transparency

    I don't want every hacker on the internet to be able to address every light bulb and every sensor in my house individually.

    1. LDS Silver badge

      Re: Security through transparency

      But that's exactly what "data collecting" companies want, to be able to identify uniquely every sensor/device you use and collect data from it. NAT hinders it, and if external IPs are allocated dynamically through DNS, they also lose the ability to match data from different points in time.

      Their dream is a unique identifier that never changes.

      1. Anonymous Coward

        Re: Security through transparency

        "Their dream is a unique identifier that never changes."

        Fuck 'em.

      2. Mpeler
        Big Brother

        Re: Security through transparency

        Ahhhh, but it won't be just the marketing dweebs, hackers, and spammers that want your data....Big, er, Guv will most likely be interested too. And just as with (not-so) smart meters, the ability to remotely control and monitor will give these power-freaks an infinite number of ways to annoy us...

        Sad, too: another case of something potentially really useful being pwned by the bad guys...

        See homewrecker virus....written 1993, coming to a neighborhood near you....(hopefully not...).

    2. Nextweek

      Re: Security through transparency

      Whenever the subject of IPv6 comes up, misinformed comments spring up.

      Just because you have a route-able address doesn't mean it has to be to everyone. Routers contain firewalls AND network address translation, they are two different things. IPv6 even contains privacy extensions.

      If you are going to be a Luddite, then perhaps technology isn't the field for you. I look forward to a connected home, where I can remotely control things. Where light bulbs are automatically sent to me when one is on the way out.

      1. Anonymous Coward

        Re: Security through transparency

        And everybody else is looking forward to controlling your home too.

      2. boltar Silver badge

        Re: Security through transparency

        "I look forward to a connected home, where I can remotely control things. Where light bulbs are automatically sent to me when one is on the way out."

        Yeah, I guess you could have a small network enabled computer inside a lightbulb that requires networking and routing infrastructure, not to mention firewalls and perhaps antivirus software - just so it can tell you when it's about to die.

        Or...

        You could just do what normal people do - have some spare bulbs in a drawer for when one dies.

        But hey, each to their own eh?

      3. Matt Bryant Silver badge
        FAIL

        Re: Nextweek Re: Security through transparency

        "....I look forward to a connected home, where I can remotely control things. Where light bulbs are automatically sent to me when one is on the way out." Strangely enough, whenever the business looks at reqs for company networking projects, including tech to allow me at home to be lazy about my light bulbs is not one of them. Apparently, Facilities finds it just cheaper to rely on us workers as the failure detection mechanism.

        The Internet of Things is a geek fantasy and has no actual interest to the majority of businesses. Why the fudge would my business be interested in whether my fridge can order a new carton of milk from the supermarket over the Internet seeing as my bizz is not a fridge manufacturer, supermarket or ISP? Businesses are the largest buyers of networking equipment, therefore until there is a real and unavoidable reason to ditch IPv4, they won't.

        1. Kristian Walsh Silver badge

          Re: Nextweek Security through transparency

          The Internet of Things might be a geek fantasy, but the Internet of More Than a Billion Addressable Computers certainly isn't. Also, the unequal geographical distribution of IPv4 addresses means that India has just over half the number of static addresses per head as the Isle of Man: 29 per head, versus 54 for IoM; the remaining UK has 1,958 per head; the USA has 4,911. [ source: http://en.wikipedia.org/wiki/List_of_countries_by_IPv4_address_allocation ]

          Because of this, businesses in India often have to contend with ten levels of NAT. That's ten routers that can fail between your company server and your customer's; ten routers that have to be paid for in your service plans; ten routers that slow your traffic. And getting a static address? Hah!

          Even in IP-rich countries, getting a static IP address costs money, something IPv6 would abolish. But the lack of an agreed 4-6-4 translation mechanism makes it difficult to integrate (and also a lot of ISP routers just don't talk 6 at all, which rules out virtually every Small/Medium Enterprise and home worker).

          One other problem is that most networking professionals have made their career on getting IPv4 to work in an exhausted address space. IPv6 removes the need for that experience, while posing a new, unknown set of challenges to their customers' networks.

          I've never met a good network engineer who says things like "hey, let's deploy this everywhere because it's the cool new thing": Network engineers are a cautious and conservative profession, and that's a good thing if it's your job to keep a vital infrastructure up and running. (Same goes for water, gas, electricity...)

          Until ALL the migration problems are solved, it just won't be done. But these problems won't be fixed in the West, but in countries like India and China, where the need is greater and more pressing.

    3. fajensen Silver badge

      Re: Security through transparency

      That's what the firewall is there for

    4. Adam 1 Silver badge

      Re: Security through transparency

      >I don't want every hacker on the internet to be able to address every light bulb and every sensor in my house individually.

      Oh don't worry about that. All comms will be completely secured using OpenSSL with session keys generated by Dual_EC_DRBG. Try to keep up.

  4. Steve Button

    No shit, Sherlock.

    I think most Reg readers have figured this one out already.

  5. Sander van der Wal
    Boffin

    Follow the Money (business as usual)

    Not a big secret why BT isn't keen on having all those I(nternet)Things talking to each other all the time: there's no way consumers are going to pay for the extra bandwidth which will be needed to support that level of blathering. Neither are the makers of the IThings, or those people who crave the data stream being generated by them.

    So why should BT, or any other network provider pick up that bill?

    1. fajensen Silver badge

      Re: Follow the Money (business as usual)

      It's not that - telecoms have a keen understanding of QoS management already. It is much more likely that the huge address space of IPv6, no requirement for NAT and built-in end-to-end encryption will make spying and logging of internet traffic harder - which is where the drain in resources is!

      1. ecofeco Silver badge

        Re: Follow the Money (business as usual)

        "It's not that - telecoms have a keen understanding of QoS management already."

        You forgot the joke icon.

        Cheers.

      2. ZeroSum

        Re: Follow the Money (business as usual)

        If they want to spy they use DPI not NAT.

  6. Novex
    Facepalm

    Bridging IPv4 to IPv6

    Well, if the setup of the IPv6 protocol hadn't been so against 'allowing' a way to bridge actively between the IPv4 internet and the IPv6 internet, then this issue might simply not have existed, as it would have been possible to have the two running in parallel (and able to talk to each other) for a gradual migration.

    1. Anonymous Coward
      FAIL

      Re: Bridging IPv4 to IPv6

      Mmm, so my computer, with the IP address 2001:44b8:21ac:7053:223:6cff:fe83:b6c7 decides to make contact with forums.theregister.co.uk, aka 92.52.96.89.

      What do I set my source IP address to? How does forums.theregister.co.uk reply? Does it take the first 32-bits or the last 32-bit, or something in the middle? How is the rest of the Internet meant to guess the bits that are missing?

      The only way we can be backward compatible with IPv6 is using things like NAT64 which for all intents and purposes, makes our IPv6 hosts look like they're sitting behind an IPv4 NAT router. The technology exists, but it doesn't fundamentally solve the problem that IPv6 was meant to solve.

    2. I ain't Spartacus Gold badge

      Re: Bridging IPv4 to IPv6

      Why didn't they just directly assign all IPv4 numbers to an equivalent IPv6 one, with extra digits at the beginning of course? It's not like IPv6 is short of numbers to miss the waste a mere few billion.

      The other thing I don't get about IPv6 is the allergy to NAT. Lots of addresses are good, obviously. Nice and future-proof. Some stuff wants to live online all the time - and who knows how much of this there'll be in future. But some kit never needs to talk to anything outside the building. And there are local networks for that. I'm no technical expert, and I know little enough about networking - but I sometimes get the feeling I've dropped into a religious dispute when I read about IPv6.

      Oh, and what did they do with IPv5? I suggest creating IPv12, and getting it completed before IPv6...

      1. Anonymous Coward

        Re: Bridging IPv4 to IPv6

        >Why didn't they just directly assign all IPv4 numbers to an equivalent IPv6 one, with extra digits at the beginning of course? It's not like IPv6 is short of numbers to miss the waste a mere few billion.

        You mean like this?

        Sure, I can send my packet to ::ffff:92.52.96.89, the last router will probably truncate the address to the least significant address. Does it do this to the source address too? My IP address is not 254.131.182.199. How do you propose the systems in between figure out the full address from just that bit?
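
The return-path problem raised in the two Anonymous Coward posts above, and the stateful NAT64 workaround they mention, sketched in Python. This is an added example, not code from the thread: `StatefulNat64` is a hypothetical, heavily simplified model (no protocols, timeouts or checksums), `64:ff9b::/96` is the RFC 6052 well-known prefix, and the pool address `192.0.2.1` and port numbers are constructed.

```python
import ipaddress

# RFC 6052 well-known prefix used to represent IPv4 hosts inside IPv6.
NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")


def low32_as_ipv4(v6):
    """What a naive 'keep the last 32 bits' truncation of an IPv6 address yields."""
    return ipaddress.IPv4Address(int(ipaddress.IPv6Address(v6)) & 0xFFFFFFFF)


def synthesize(v4, prefix=NAT64_PREFIX):
    """Embed an IPv4 destination in the /96 so an IPv6-only host can address it."""
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(v4)))


def extract_ipv4(v6, prefix=NAT64_PREFIX):
    """Recover the IPv4 destination; only valid for addresses inside the prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        raise ValueError(f"{addr} is not inside {prefix}")
    return low32_as_ipv4(addr)


class StatefulNat64:
    """Toy gateway: one IPv4 pool address, one port mapping per IPv6 flow."""

    def __init__(self, pool_v4, first_port=40000):
        self.pool_v4 = ipaddress.IPv4Address(pool_v4)
        self.next_port = first_port
        self.by_flow = {}   # (IPv6 source, source port) -> pool port
        self.by_port = {}   # pool port -> (IPv6 source, source port)

    def outbound(self, src6, sport, dst6, dport):
        """Translate an IPv6 packet header to the IPv4 4-tuple sent upstream."""
        dst4 = extract_ipv4(dst6)
        flow = (ipaddress.IPv6Address(src6), sport)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return self.pool_v4, self.by_flow[flow], dst4, dport

    def inbound(self, pool_port):
        """Map a reply back to the IPv6 host; None means no state, so drop."""
        return self.by_port.get(pool_port)


if __name__ == "__main__":
    src = "2001:44b8:21ac:7053:223:6cff:fe83:b6c7"   # address from the post
    # Truncation loses 96 bits, so unrelated hosts collapse to one IPv4 address.
    print(low32_as_ipv4(src), low32_as_ipv4("2001:db8::fe83:b6c7"))

    dst6 = synthesize("92.52.96.89")                  # destination from the post
    gw = StatefulNat64("192.0.2.1")
    print(gw.outbound(src, 51000, dst6, 443))
    print(gw.inbound(40000))   # reply to the flow above is delivered
    print(gw.inbound(40001))   # unsolicited inbound: no mapping exists
```

The reply path works only because the gateway remembers the flow, which is why the IPv6 host ends up looking like it sits behind an IPv4 NAT, as the earlier post says.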

        1. I ain't Spartacus Gold badge

          Re: Bridging IPv4 to IPv6

          Stuart Longland,

          I don't propose anything. Designing international networking standards is well beyond my abilities. It's not my field.

          However, I suspect it's not impossible. A workaround could have been sorted out. I presume what you do at the moment is have the local network do IPv4, and then have the network box handling all the NAT and IPv6 stuff for it.

          IPv6 has been hanging around for a very, very long time. Perhaps it needs a re-design to reflect reality?

          1. Anonymous Coward

            Re: Bridging IPv4 to IPv6

            >I don't propose anything. Designing international networking standards is well beyond my abilities. It's not my field.

            >However, I suspect it's not impossible. A workaround could have been sorted out. I presume what you do at the moment is have the local network do IPv4, and then have the network box handling all the NAT and IPv6 stuff for it.

            That sounds awfully like NAT64. ;-)

            As I say, there are solutions out there to enable an IPv6 host to talk to an IPv4 one, albeit via a gateway. But, the problem with these solutions is that one still needs a (block of) IPv4 address(es) to use on the gateway(s), and one still needs to frig around with port forwarding to make things like SIP work.

            SIP's problem with NAT isn't in the making outbound calls, but receiving inbound ones. If two SIP endpoints are communicating, it is desirable that the traffic goes direct rather than via a provider's network: NAT makes this more difficult, or in some cases, impossible.

            Things like Skype only work because there are hosts run by Microsoft and others that are publicly accessible, thus can forward traffic between NATed hosts, thus it makes the service more costly to run as more endpoints rely on funnelling their data through these hosts instead of to each other directly.

            The Internet of Things is another area where it's desirable to have the endpoints talk directly rather than through some intermediate point. Not that I'm in favour of the "Internet of Things".

            I remember some time back when IPv6 was a new concept, people were suggesting such a network. They gave an example of having an IP-enabled fridge being able to talk to IP-enabled containers inside and provide status information to your portable computer (this was before the iPhone) to provide a shopping list.

            Personally I couldn't think of a more ridiculous application, but there you go, I'm a 30 year old Luddite.

            The real benefit to commerce is things like VoIP and VPNs: the former because of reduced management overheads (they just need to open a hole in the firewall, no port forwarding needed) and the latter due to reduced risk of address-space collisions.

        2. Roland6 Silver badge

          Re: Bridging IPv4 to IPv6

          The problem fundamentally is that the IPv6 crowd were so full of themselves that they gave scant thought to real world migration from IPv4 to IPv6 and the co-existence of these protocol stacks - thinking that migration would be an 'overnight' affair.

          The special IPv4 format facilitates the carriage of IPv4 traffic on an IPv6 backbone infrastructure without encapsulation. Yes a limitation is that effectively this is a closed community address space, so only IPv4 stacks can use it. However, it does permit the deployment of IPv6 capable backbone infrastructure - like BT's. The challenge is getting ISPs to expose the native IPv6 service to users, so that all those dual stack systems can start to use their IPv6 stacks to communicate with other systems with addresses outside of the IPv4 walled community.

          I'm a little surprised that ISPs aren't offering an IPv6 subscription offering, perhaps the IPv6 Forum need to start lobbying Facebook et al and get them to make their services available over native IPv6 and so start to create a market for IPv6.

          Obviously the absence of service is causing many to turn off the IPv6 stacks in their systems and routers (which have been enabled by default for many years now), which can only cause further problems as and when IPv6 does come into use.

          1. the spectacularly refined chap

            Re: Bridging IPv4 to IPv6

            >I'm a little surprised that ISPs aren't offering an IPv6 subscription offering, perhaps the IPv6 Forum need to start lobbying Facebook et al and get them to make their services available over native IPv6 and so start to create a market for IPv6.

            The problem is that to date there has been no "pull" making the users want IPv6. It could have been done easily - think about how many questions you see of the form "How do I set my NAT type to 'open'" (whatever that means) from console users? If Xbox One/PS4 had been IPv6 by default and they explained "If you want to use IPv4 these are the additional hoops you need to jump through because of NAT" every new consumer router would be IPv6 enabled by now, and ISPs would be falling over themselves to provide IPv6 access.

            Right now the IP address shortage is simply somebody else's problem as far as the end user is concerned - there's no benefit to them at all.

            1. Roland6 Silver badge

              Re: Bridging IPv4 to IPv6 @the spectacularly refined chap

              >The problem is that to date there has been no "pull" making the users want IPv6.

              Agree, however as we demonstrated in the 80's with MAP/TOP, demand creation requires you to work on three fronts:

              1. The user community: To create consumer demand - ie. to benefit from all this new stuff you need IPv6.

              2. The producer community: To create supplier demand - ie. your services need to be available on IPv6.

              3. IT OEMs and ISPs: To deliver products to satisfy the market demand being created.

              Yes to many users outside of the networking community, IP addresses are totally invisible and so yes it really is someone else's problem. The art and challenge is to make it as important as Y2K was and the recent end of support for widely used MS products.

            2. Matt Bryant Silver badge
              Devil

              Re: the spectacularly Re: Bridging IPv4 to IPv6

              "....The problem is that to date there has been no "pull" making the users want IPv6....." As I understand it, the biggest use of IPv6 for many years (and probably still now) was uTorrent. Not exactly a great advert for the security of IPv6 that its primary user be a tool of software pirates, paedos and hackers.

          2. fajensen Silver badge

            Re: Bridging IPv4 to IPv6

            Pah - If people are smart enough to turn IPv6 off on their own initiative, they can turn it back on also, when "further problems" emerge.

            AFAIK - and it is some time ago - the reason migration was not so important was that "pure IPv6" would really cull routing tables in IPv6 routers (down to 8K, I think it was) and fix a bunch of hairy cases with IPv4. The hardware pushers liked that very much. People thought that "soon" there would be mostly IPv6 networks with IPv4 legacy nets as floating "islands" with NAT-boxes at the edges. They did not want to clutter up the shiny new gear with IPv4 cruft.

            The IPv6 crowd also underestimated the desire for NAT in countries that like to spy on their people and filter their information, like China. I saw a lot of slides with "The Chinese comes on the Internet and use all the addresses". We are sort of the same deal as China: End-to-end encryption does not sit well with the desire to log everything for our "American Friends", so, no major telecom operator will provide it even though they have been running IPv6 in the backbone for years. Another reason is that someone probably booked their IPv4 addresses as an Asset - and borrowed against it - IPv6 coming in 64k address blocks minimum will kill the value of those addresses and kill the "customer IP configuration business".

          3. PhilPotter

            Re: Bridging IPv4 to IPv6

            Facebook, Google, and countless others already offer native IPv6 to their services and have done for some time. I use them daily on AAISP without issue. For that matter, dual stack can and does work seamlessly if set up correctly.

            Thinking in hex is not that difficult - if someone is bright enough to do subnet/netmask calculations with IPv4 then IPv6 will come fairly easily to them. Other than concepts like link-local addresses, the different packet structure, and no NAT, they are administered in virtually the same way from an end-user premises perspective - firewalling being part of any solution. My network has been native dual-stack for a good six months now, and had tunnelled v6 before that - the big boys like BT need to stop dragging their heels.

            The biggest misconception I see is that publicly routable addresses are somehow wide open without NAT. The packets still have to pass through your router, and are therefore still subject to firewall rules. IPv6 is coming sooner or later, whether they like it or not. Might as well be ready :-)

            1. Canecutter

              Re: Bridging IPv4 to IPv6

              "My network has been native dual-stack for a good six months now, and had tunnelled v6 before that - the big boys like BT need to stop dragging their heels."

              Looks like my situation. I've been tunneling to the rest of the IPv6 Internet for the better part of 12 years now. Haven't had any problems with that. The only reason I didn't tunnel out (IPv6 over IPv4) earlier is that I didn't know of any IPv6 transit providers then.

              My own suspicion is that there are a lot of IPv6 users already, and the only reason you don't hear from them is that they've already accepted the reality that ISPs will never get with it until they are forced to, and IPv6 users have simply "routed past the network failure" by tunneling to the global IPv6 Internet.

              Certainly is what I did.

          4. ZeroSum

            Re: Bridging IPv4 to IPv6

            Facebook is available over IPv6. When more ISPs start providing it to their customers a lot of existing traffic will use v6 instead of v4.

      2. Bronek Kozicki Silver badge
        Holmes

        Re: Bridging IPv4 to IPv6

        IPv6 has a different packet structure, which is used to solve some of the problems IPv4 had, and also (obviously) to fit a longer IP address. This means that the old gear wouldn't be able to exchange packets with IPv6 gear even if some address bits were common. Before they came up with IPv6, a new protocol was designed (IPv5, also called ST2) but it didn't really address IPv4 shortcomings we are concerned about, and is not used.

        As for NAT, IP was not originally designed for address translation and some internet protocols do not work with it, notably active FTP and SIP. Of course, the box making address translation can alter not only IP header, but also bits in the application specific part of the packet thus making it appear that some things work. However when they do not work, it is nearly impossible to troubleshoot since application specific part of the packet is, guess what, specific to actual application or device doing the communication. Of course, now that every ISP "gives" you a modem with builtin NAT you may think it's normal, but it's not. Buy a SIP phone and ask friends to call you when behind NAT, you will see what I mean.

        As for the question of allowing certain hardware to talk to external world and disallowing some other, this is what firewalls are meant for. In fact almost all of the boxes "given" by an ISP do have builtin firewall, because it's in the Linux kernel they use and because it is used to limit the access to administration of the box, to your internal IP addresses only. Configuring firewall is actually quite easy if you have the right interface, and properly configured firewall would nicely protect your bulbs, sensors and switches from interactions with outside world. If you need to access them from your own phone, you might consider setting up an application gateway in your internal network - sshd running on dedicated box might be such device.

        1. Frumious Bandersnatch Silver badge

          Re: Bridging IPv4 to IPv6

          >As for NAT, IP was not originally designed for address translation and some internet protocols do not work with it, notably active FTP and SIP

          Maybe it's ignorance on my part, but I don't think that's true.

          As I see it, it's not NAT that's the problem, but the fact that it's generally a one-way only operation (eg, sNAT to modify your outgoing packets so that they appear to come from the router rather than whatever your local address is). I'd thought that any program that operates from behind the firewall should work fine so long as it restricts itself to only making outgoing connections, with incoming packets for the session being correctly identified by the router as belonging to that session and so routed back inwards correctly. Am I wrong on this?

          If you're talking about running an FTP or SIP server inside your NAT'd network, then obviously you're out of luck unless whoever runs your NAT'ing firewall (most likely your ISP, because they realise the value of public IP addresses and usually charge extra for them, with everyone else behind NAT) agrees to do traffic forwarding of incoming connections. That being so, it's not a problem that FTP/SIP (or any other server that's designed to accept incoming requests) is incompatible with NAT, but rather that ISPs' NAT policies dictate that regular users can't just request port forwarding so that their mail server or whatever appears to be "on the Internet" (at least not without paying). Again, that's the situation as I understand it.

          The really big problem with NAT is that if ISPs allowed users to run servers behind the NAT box, you'd very quickly run into conflicts about the assignment of port numbers. Some services (like http) are quite happy moving from the default ports (80/443) so long as the client machine puts the right port address in the URL. Other applications are much more picky about what port they listen or talk on, and the clients (or peers, if we're talking about something like an online game like World of Warcraft, which I think uses a p2p system for downloading updates) simply don't have the option of trying to connect to a different port. I assume that SIP works with a fixed port number for receiving incoming calls (unless you have an external directory where you can look up ip:port for a number?), so if that's the case then you can only have a maximum of one user behind the firewall who "owns" that incoming port. This technical limitation (and, I guess, any privacy/security concerns arising from making a mistake and routing to the wrong user) makes me suspect that ISPs will generally not even entertain your request for port forwarding if you're a regular NAT user ...

          As much as I hate this restriction with NAT, I'm still not sure that I like the alternative of flat routing (no hiding behind NAT) in IPv6. I know people will say that I can just use a router and drop packets like I used to be able to do in IPv4. At least I assume that's the case. My problem is basically that IPv6 is so complex that I'm not sure I trust myself to even do this routing correctly and be sure that none of my IPv6 devices can be accessed from random machines on the 'net somewhere.

          1. Canecutter

            Re: Bridging IPv4 to IPv6

            "As much as I hate this restriction with NAT, I'm still not sure that I like the alternative of flat routing (no hiding behind NAT) in IPv6."

            With IPv6 your options for creating globally reachable subnets are quite a bit richer than those for IPv4. In particular, if you want to divide up your network into a "Private" network and a "Public" network, use (at least two) subnets and filtering rules to drop all traffic except as you authorise on entry, egress, or transit. In other words, no more complicated than the original picture for IPv4, and a lot less complicated than the picture for IPv4 plus NAT.

        2. Mage Silver badge

          Re: FTP & SIP

          There are NAT solutions for FTP and SIP.

          Though certainly not elegant.

          Probably IP6, or something like it, is needed. But the so-called "Internet of things" is actually irrelevant. My "things" want to be as simple as possible. The Gateway server (which can be an application on my existing Router or something like a Raspberry Pi) can provide a VPN and security.

          If I'm using public WiFi I want a VPN. Does IP6 solve the security issues of Public WiFi? Tell me when the majority of WiFi and Gadgets are using IP6 for a year.

          People that sell network gear keep claiming we are running out of IP4 (likely) and we should upgrade to IP6 (well, they would say that).

          Of course many USA Universities, USA Organisations, USA Corporations and friends that need 6 to 600 public IPs have as many public IPs assigned as a small country.

      3. Charles 9 Silver badge

        Re: Bridging IPv4 to IPv6

        The problem has never been IPv6 talking to IPv4. There's a reserved IPv6 prefix for IPv4 addresses. The problem has always been going the other way: an IPv4 site wanting to talk to an IPv6 site.

    3. Jason Bloomberg Silver badge

      Re: Bridging IPv4 to IPv6

      The way IPv6 is specified is what has prevented it becoming widely adopted and made customers and providers reluctant to embrace it. It's mostly a choice of one or the other and that's not appealing in a world where most things are IPv4.

      We shouldn't forget that an IPv4 internet also has the concept of ports which notionally allows 65,536 devices per IPv4 address. Some of those ports are used for specific things but there should still be enough ports available to satisfy most IoT users without requiring a move to IPv6.

    4. RAMChYLD

      Re: Bridging IPv4 to IPv6

      Well, at the moment, my solution is Squid sitting on an IPV6-connected machine and all the other IPV6 "blind" machines use it to connect to IPV6 space. Need it since, as mentioned before, IPV6 is allergic to NAT. Unfortunately, I rely on NATting and firewalls to prevent guests using my WiFi from getting into my lab network. That, and my ISP-provided router has strange ideas about IPV6 security (i.e. it ignores devices that did not take its RA offer and configure their route through it, effectively saying "if you didn't take my RA/RS offer, you can't use me").

      In other words, if I enable RTSOL, I can't use the firewall to route. But if I don't, the telco-provided router won't play along and route my IPV6 traffic.

      1. Anonymous Coward

        Re: Bridging IPv4 to IPv6

        Well, at the moment, my solution is Squid sitting on an IPV6-connected machine and all the other IPV6 "blind" machines use it to connect to IPV6 space. Need it since, as mentioned before, IPV6 is allergic to NAT. Unfortunately, I rely on NATting and firewalls to prevent guests using my WiFi from getting into my lab network.

        Firstly, far from being allergic to it, NAT does exist on IPv6, at least in Linux:

        https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/netfilter/Kconfig#n230

        Secondly, what prevents you from using packet filter rules to achieve what you're doing using NAT? Any ISP worthwhile will provide a /56 prefix, which gives you 256 subnets: allocate one to your lab, another to your guests, a third to your DMZ. Block any traffic originating from the guest network to the lab. Is it really that hard?
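
The segmentation suggested in the comment above (and the subnets-plus-filtering approach proposed earlier in the thread), as an added Python example that is not part of the original thread: a delegated /56 is cut into /64 subnets, three are assigned to zones, and a default-deny policy decides which new flows the router forwards. The prefix 2001:db8:1200::/56 comes from the documentation range, and the zone names, rule set and function names are assumptions of this example.

```python
import ipaddress

# Constructed sample: a /56 taken from the 2001:db8::/32 documentation range.
DELEGATED = ipaddress.ip_network("2001:db8:1200::/56")


def plan_zones(delegated, names):
    """Give each named zone the next unused /64 out of the delegated prefix."""
    subnets = delegated.subnets(new_prefix=64)
    return {name: next(subnets) for name in names}


ZONES = plan_zones(DELEGATED, ["lab", "guest", "dmz"])

# (source zone, destination zone, action). First match wins, "*" matches any
# zone, and a flow that matches no rule is dropped. Hypothetical rule set.
RULES = [
    ("guest", "lab", "drop"),        # the rule the comment asks for
    ("guest", "dmz", "accept"),
    ("guest", "internet", "accept"),
    ("lab", "*", "accept"),
    ("dmz", "internet", "accept"),
    ("internet", "dmz", "accept"),
]


def zone_of(addr, delegated=DELEGATED, zones=ZONES):
    """Map an address to a zone name."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local:
        return "link-local"          # fe80::/10 is never forwarded by a router
    for name, net in zones.items():
        if ip in net:
            return name
    # Inside our /56 but in a /64 nobody was given: spoofed or misconfigured.
    return "unassigned" if ip in delegated else "internet"


def verdict_new_flow(src, dst, rules=RULES):
    """Verdict for the first packet of a flow.

    Replies to an accepted flow are assumed to be allowed by the firewall's
    connection tracking, so only the initiating direction is evaluated here.
    """
    s, d = zone_of(src), zone_of(dst)
    if "link-local" in (s, d) or "unassigned" in (s, d):
        return "drop"
    for rule_src, rule_dst, action in rules:
        if rule_src in (s, "*") and rule_dst in (d, "*"):
            return action
    return "drop"


if __name__ == "__main__":
    for name, net in ZONES.items():
        print(f"{name:6} {net}")
    print("guest -> lab:", verdict_new_flow("2001:db8:1200:1::50", "2001:db8:1200::10"))
    print("lab -> guest:", verdict_new_flow("2001:db8:1200::10", "2001:db8:1200:1::50"))
```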

  7. Chris Miller

    Why don't the megacorps and universities sitting on public class A addresses start selling off some of their address space? Are they just waiting for the price to rise?

    1. TRT Silver badge

      Nah. We're looking at returning some of our Class B space and going to internal addressing dynamically allocated with NAT. Problem is, that breaks half of the software licensing models deployed in the University and the software is so old that the cost of upgrading to more modern stuff that can cope with dynamic addressing is prohibitive.

  8. Anonymous Coward

    Firewalls

    Can we trust OEMs to provide continual security patches?

    Let's face it, we can't even get our routers patched after the epic OpenSSL failure.

    So the answer is an emphatic "NO!"

    How hard will it be for me to firewall my fridge, oven etc and block it from accessing the Internet?

    Or will it be even possible? Will they chat to the leccy "smart meter" and get access that way?

    1. Charles 9 Silver badge

      Re: Firewalls

      I think the logic is that if anyone can break the IPv6 firewall between your home and the outer net, they can also break the IPv4 NAT router and create the necessary bridges between the networks.

      So IOW, what you want is a dumb fridge, not a dumb network. Because in your scenario, it wouldn't matter if your fridge was using IPv4/NAT or IPv6; malcontents will find a way in either way.

      As for the whole address space thing, I think people are MUCH more comfortable with IPv4 vs. IPv6 because IPv4 is--at worst--12 digits. That's not too much of a stretch from a telephone number: something we've been memorizing for decades. You can't say the same thing about IPv6 addresses unless they've been SERIOUSLY shortened, and then there's the matter of the letters; at least when telephone numbers use letters, they're used intentionally as a mnemonic.

  9. chrisf1

    Simples

    Shall we just rechristen IoT as 'The Subnets of Things'?

  10. TRT Silver badge

    To be perfectly frank...

    IPV4 follows a rather simple, easy to understand and logical addressing scheme which inherently ties in physical location to the active address. Odd as it may sound, so do lightbulbs, fridges, burglar alarms etc. They do rather tend to be in people's homes and businesses, and those homes and businesses have well defined IPV4 addresses. Where IPV6 might well prosper is in mobile devices - cars, phones, public transport etc. But even so, I don't see it being adopted quickly at all. Maybe I just don't get the addressing scheme of IPV6...

    1. Havin_it
      Alert

      Re: To be perfectly frank...

      This. Even my boss can get her head around IPv4 addresses more or less, but I myself blanch at the idea of wrangling all those irregularly-positioned colons, square-brackets and hex bits - eurrgh!

      What I really can't get my head around is how our current home-network/ISP setup will look and function in the New World(TM). Will every single device in your home use the ISP's DHCP server? What about DNS? Is even IPv6-ready consumer network kit (yes, some does exist) ready to conform to this new topology and still serve the local network's discrete needs/expectations?

      Also I reckon either our routers or, worryingly, all the in-home kit itself, will have to run much more complex, stateful firewalls in order to cope with the security implications. The home-router boom and NAT bought us, albeit inadvertently, the biggest device security fillip of modern times; it's going to take a lot of work to replace it, I feel.

      I'd welcome pointers from the commentariat towards any meaningful online discussion of these issues.

      1. Random K

        Re: Havin_it

        Well the good news is you are at least able to map internal (think NATish) ip6 addresses to external internet facing addresses on a 1 to 1 basis. This allows for some level of centralized management, the use of custom addresses corresponding to floor/room number/whatever. Of course that still means you have a whole new set of management headaches as such 1 to 1 mappings are not terribly simple to manage once you get a fair number of connected devices going. I'm sure there are already tools around to put mapped ips into groups for management purposes but I can't help but feel like subnetting and NAT are too useful to leave behind. On a software defined network though ip6 sounds like a non-issue.

        1. Canecutter

          Re: Havin_it

          "I'm sure there are already tools around to put mapped ips into groups for management purposes ..."

          Yes, it is called IP Address Management. It works for both IPv4 and IPv6, and allows you to do everything you describe and more.

      2. Warm Braw Silver badge

        Re: To be perfectly frank...

        >I'd welcome pointers [to] meaningful online discussion

        Believe me, you wouldn't. It's interminable. I was last actively involved in the IPv6 debate around 20 years ago now and I was weary of it then - although the arguments change, they haven't really moved on because it's always been more of a religious than a practical discussion.

        Lots of people will be happy to tell you what the "New World" will look like, but they won't all paint the same picture. My personal view is that IPv4 is now going to hang on as an access protocol to the Internet for a very long time and that most SoHo users will never see IPv6 (they'll get destination NAT as well as source NAT). The majority view appears to be that your ISP will replace your home router with one that's IPv6 capable and your IPv6-capable computers will simply autodiscover their new IPv6 configurations and carry on as if nothing had happened. However, I suspect that the people who hold the majority view have not worked near an ISP help desk.

      3. fajensen Silver badge

        Re: To be perfectly frank...

        You are just old and crufty ;-). Pay the PFY to fix it, they will be happy to learn all that new and shiny stuff.

        IPv6 does not use DHCP, it uses "Stateless Auto-configuration", http://ipv6.com/articles/general/Stateless-Auto-Configuration.htm

        1. ZeroSum

          Re: To be perfectly frank...

          DHCPv6 can be used on the LAN side of the modem, for example if you don't want your devices getting the long addresses using the last 64 bits that SLAAC generates.

      4. PhilPotter

        Re: To be perfectly frank...

        In regards to local addresses, typically the ISP will give you a /64 block, which is around 18,446,744,073,709,551,615 addresses not taking into account the non-usable ones. This is handed out dynamically by your local router using either stateless addressing or DHCPv6 - neither of which involves the ISP. DNS typically uses the ISP's servers, and this is doled out automatically via RDNSS or DHCPv6 again. Most firewall configs would be quite simple - block everything incoming except related packets, and work from there - basically having the same effect as a NAT. Different yes, but people would get the hang of it.
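
The "block everything incoming except related packets" policy from the comment above, as an added Python model that is not part of the original thread: outbound flows create state, inbound packets pass only if they are the reverse of a tracked flow, and no address is translated. The LAN prefix (documentation range), the 120-second timeout, the class and field names, and the choice to always admit ICMPv6 error types 1-4 (which RFC 4890 advises against dropping; type 2, Packet Too Big, is needed for path MTU discovery) are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("2001:db8:1200::/64")  # constructed sample prefix
STATE_TIMEOUT = 120                               # seconds, assumed value
ICMPV6_ERRORS = {1, 2, 3, 4}  # unreachable, too big, time exceeded, param problem


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmpv6"
    sport: int = 0
    dport: int = 0
    icmp_type: int = 0


class StatefulFilter:
    """Default-deny inbound filter for a router between LAN and the internet."""

    def __init__(self, lan=LAN, timeout=STATE_TIMEOUT):
        self.lan = lan
        self.timeout = timeout
        self.flows = {}     # (proto, src, sport, dst, dport) -> last seen time

    def check(self, pkt, now):
        # Forget flows that have been idle for longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.timeout}
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        src_in, dst_in = src in self.lan, dst in self.lan

        if src_in and not dst_in:
            # Outbound: always allowed, and it opens the return path.
            self.flows[(pkt.proto, src, pkt.sport, dst, pkt.dport)] = now
            return "accept"

        if dst_in and not src_in:
            if pkt.proto == "icmpv6" and pkt.icmp_type in ICMPV6_ERRORS:
                return "accept"
            reverse = (pkt.proto, dst, pkt.dport, src, pkt.sport)
            if reverse in self.flows:
                self.flows[reverse] = now   # reply traffic keeps the flow alive
                return "accept"
            return "drop"                   # unsolicited inbound

        # Both ends on the LAN (not routed) or neither (not ours to forward).
        return "drop"


if __name__ == "__main__":
    fw = StatefulFilter()
    out = Packet("2001:db8:1200::10", "2001:db8:ffff::1", "tcp", 40000, 443)
    reply = Packet("2001:db8:ffff::1", "2001:db8:1200::10", "tcp", 443, 40000)
    probe = Packet("2001:db8:ffff::1", "2001:db8:1200::10", "tcp", 443, 22)
    for label, pkt, t in [("outbound", out, 1), ("reply", reply, 2),
                          ("unsolicited", probe, 3)]:
        print(label, fw.check(pkt, t))
```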

      5. Yes Me Silver badge

        Homenets [Re: To be perfectly frank...]

        Firstly, with a sensible ISP and sensible wireless router, running IPv6 on your home network is trivial (nothing to do except switch it off and on again). A Fritzbox is good for example; and find an ISP that offers dual stack by default.

        Second, with IPv6 there is a reasonable hope of being able to plug-and-play a much more complicated home network with multiple segments and routers, and all kinds of "things" connected to it. With firewalling, since we all agree that you don't want those "things" to be accessible by GCHQ or worse. But this is still in the future as a consumer product set; IPv6 is a long-term solution.

    2. TheOtherHobbes

      Re: To be perfectly frank...

      >Odd as it may sound, so do lightbulbs, fridges, burglar alarms etc.

      So far. It's only a matter of time before we have robo-bulbs and robo-alarms that roam the streets looking for customers to take them home.

      If you think email spam is bad, just wait until it grows wheels and starts following you around.

  11. Don Jefe

    Late Game

    Shouldn't it really be 'the Internet'? The Internet is already 100% pure 'thing' construction, why reduce its flexibility by creating boundaries around an already largely unbound thing? Doesn't matter anyway I suppose. I'm pretty sure that most non techies don't know the difference between the Internet and the WWW anyway.

    I'm also pretty sure that very few of the people dealing with IPv6 actually know what it's about, just that I guess I'm supposed to need some. Already this year I've received nine phone calls to my office (and when I find out who gave them my office number I'm going to choke them with business cards that have my not office office number on them) wanting to check our phone system for IPv6 support, our printers, VPN concentrator, just everything. But it wasn't the vendors I bought from calling, it was silly little one horse consultancies with really stupid names.

    That last sentence says so very, very much about the tech world and it's been that way since the 1980's. The actual important stuff is never sold well so everybody gets off on willy waving with benchmark results that are meaningless about 45 days after you were at the bleeding edge.

    Everybody stands (sits to be truthful) and talks (types) about weird, esoteric things like OSS, licensing practices, document formats, manufacturer business models while completely ignoring the actual important stuff like enough addresses so your fuckable flashlight can post your best time to shame on a leaderboard website somewhere. It lets all the shady bastards get out in front and make everyone's job harder.

    Anybody who has ever been through a big foundation technology change should already see the crap filled trap that's just over the horizon. In a few months some guy is going to put up a 'Number of IPv4 Addresses Available' site that will make headline news and every IT person on Earth will be crushed under a ton of bullshit ad-hoc workarounds that'll just break something else and make them, and anybody that has to deal with them, more miserable.

    People aren't going to like this, but bullshit last minute stuff like Y2K or IPv6 that's huge but ignored so long it makes more work for everyone is 100% on the shoulders of IT staff. You can't blame stuff like that on managers or clients, that's a failure of sales skills. IT people don't like sales though. Well, tough shit. It's either work on your powers of persuasion and get out in front of the headaches you all know are coming or be happy being put upon by your employers/clients.

    Sales isn't closing a deal, sales is getting your way by making people understand things from your perspective and giving you what you say you need to deliver it (money, staff, booze, etc...). The lack of even basic sales skills in so many IT workers is why their employers have to spend so much money on marketing. Far, far more than most other industries. I've been there, writing those $8M per week checks to marketing companies and every tech CEO I know (and that's a lot of them, some of the well known ones eat at my house sometimes) would not hesitate to put more into R&D but they can't because they're forced to pay slick Salesdroids, marketing companies and enter revenue sharing ad partnerships just to sell what professionals in other industries do lots of internally.

    Have you never wondered why tech sales literature is so atrociously useless and utterly misses all the important stuff? It's because the guys who make things attractive don't want to deal with the majority of IT people because it's simply not worth the effort. So the selling points get hucked off to some pasty faced Manhattan firm filled with latte and Macs and not a single person who knows dick about the product.

    All I'm saying is so very, very much of the frustration felt by so many IT professionals is their own fault. If IT wants to be respected as equals they need to brush up on their sales. Not have to make journalists do the work for them.

  12. Phil O'Sophical Silver badge

    IoT

    The Internet of Things will FAIL anyway, lack of IPv6 will just be the excuse when it does.

    Does anyone know anybody who wants all their "things" on the Internet? Even those who do certainly don't want them publicly accessible, or even publicly identifiable.

    1. I ain't Spartacus Gold badge
      Devil

      Re: IoT

      I'll have you know that I've got great hopes for my line of internet-connected boxer shorts!

      1. Preston Munchensonton
        Coat

        Re: IoT

        Internet-connected boxers will have to have an, ahem, attachment for them to be, ahem, feasible.

        1. I ain't Spartacus Gold badge
          Coat

          Re: IoT

          An 'attachment' you say? I believe I already have the requisite dongle.

          1. Phil O'Sophical Silver badge
            Alert

            Re: IoT

            Until the EU decides to standardize, that is.

            1. Don Jefe

              Re: IoT

              It's not that I don't agree, having 'everything' online is not a great idea, or very useful, but I'm not sure that's necessary. Matter of fact, I know it isn't necessary. Very little of IT spending is driven by IT professionals. Even the big enterprise sales figures everybody likes to crow about are, and will always be, a teeny tiny drop in the SMB and consumer markets.

              There's nobody easier in the world to convince of sketchy, at best, value propositions. You just tell them they need it and name someone rich and/or famous who uses it and that's all there is to it. The fact a dog can also respond to phone calls and A/V cues over IP, and is a lot more fun and girls like dogs too is irrelevant to them.

              They want whatever you tell them they want and they want it so bad they'll sign up for stupidly high interest financing plans and be happy about it!

              Products and concepts fail for many reasons, but reason is rarely one of those reasons.

  13. Paul Kinsler
    Happy

    the lightbulb moment...

    pawlik: "all the very disappointed customers who say 'oh, I bought my lightbulb but now I can't switch it on and off anymore because I can't reach it on the internet.'"

    Well, back to candles it is, then.

    1. Nigel 11
      Coat

      Re: the lightbulb moment...

      I'm surprised no-one has asked yet ...

      How many network technicians does it take to change a lightbulb ?

      1. I ain't Spartacus Gold badge
        Happy

        Re: the lightbulb moment...

        How many network technicians does it take to change a lightbulb?

        192,168,001,001?

        1. Sir Runcible Spoon Silver badge
          Coat

          Re: the lightbulb moment...

          If they're coming to change the bulb at my house it will need one hundred and twenty seven thousand and one.

    2. Lamont Cranston

      Re: the lightbulb moment...

      Couldn't help but assume that we're all going to get so fat that reaching up to flick the lightswitch will be beyond us, and that the (IPv6 compatible) lightbulb will automatically order a replacement for itself when it's about to die - and then you'll find out exactly how many technicians it takes to change a lightbulb.

      Wall-E was a documentary, right?

  14. Evan Essence
    WTF?

    IPv6 Forum

    What's up with the IPv6 Forum site? Many of the pictures are squashed down or squeezed in and the home page is tediously long. And was there supposed to be a link there to the UK IPv6 Council?

    1. Don Jefe

      Re: IPv6 Forum

      You must be viewing the site on legacy IPv4 kit.

  15. Why Not?
    Pirate

    Bring the water closer, make us thirsty.

  16. Tannin
    FAIL

    Networking's answer to Windows Vista

    IPv6 is the Windows Vista of networking. Or possibly the Windows 8. Yep, it's got all the features, yep, it is technically miles ahead of what went before, yep, it is very clever, yep, it's got loads and loads of gee-whiz new features, and yep, everybody hates it because it doesn't work the way they expect it to and it breaks stuff.

    IPv6 has failed in the market the way Vista failed. If it was anything remotely like what people wanted, it would have been a huge success by now, but hardly anybody uses it or wants it. Everybody understands IPv4, even your granny can get her mind around it if you make analogies with street addresses and post box numbers. Above all, IPv4 has those non-routable address blocks and with readily available $30 NAT boxes, with only a very basic skill set, anyone can make sure that packets which belong inside the building stay inside the building. Simply, the market does not want IPv6, it wants IPv4 with extra numbers.

    To the IPv6 Committee: piss off.

    We, the rest of the world, don't want your bloated, over-complicated, intrusive Vista of a product. That's why we have been assiduously avoiding it for longer than we have been laughing and pointing at Windows ME. It's been around and been "about to become the future" since before most teenagers were born, since HTML 4 was an RFC awaiting official approval (never mind XML, let alone HTML 5), since OS/2 was a not uncommon operating system, since Netscape Navigator was high-tech and popular, since search meant Yahoo or Alta Vista, since nine years before the very first iPhone was released, and it still hasn't caught on. That's what we people in the trade call a "hint".

    1. Peter Mount

      Re: Networking's answer to Windows Vista

      NAT? That's evil.

      Try running certain voip products over it - yes skype works but it does so by detecting you're behind a NAT and creates an HTTP tunnel making the connection flaky (your router will only hold the connection open for a while).

      CNAT/CGNAT is even worse.

      Setting up IPv6 is actually easy - took me a morning & it took that long as it was my first attempt at building an IPv6 firewall from scratch.

      1. I ain't Spartacus Gold badge

        Re: Networking's answer to Windows Vista

        Peter Mount,

        How come VOIP doesn't work over NAT? I'm sure it increases the technical difficulty, but given that everybody uses NAT, and has done for years, this suggests a problem for VOIP to solve.

        The alternative appears to be wishing for a better network, which breaks loads of other stuff.

        I am merely a humble dabbler in, and user of IT. But IPv6 is going to cost my company time and money to implement. As well as me for my home stuff. The methods that keep the current system working appear to break less than the things the new system does - hence I'm sticking my head in the sand and hoping it'll all go away. Or the IPv6 people could maybe notice nobody's moved over and look at IPv6.1?

    2. Evan Essence

      Re: Networking's answer to Windows Vista

      If it's non-routable IPv6 addresses you want, you want unique local addresses.

      1. Tom 38 Silver badge

        Re: Networking's answer to Windows Vista

        I don't want IPv6 at all. When I want non-routable addresses, I use one of the many available private network classes.

        PS: Unique local addresses today (fc00::/7), but it was site local addresses but a few years ago (fec0::/10). Your typical IPv6 connected computer will have at least 3, probably 4, IPv6 addresses - a unique local address, a link local address, ::1 and possibly a global address - too overly complicated for me to give a fuck.

      2. John Sanders
        Mushroom

        Re: Networking's answer to Windows Vista

        FCUK YOU IPv6!!!!

        Definition

        The address block fc00::/7 is divided into two /8 groups:

        The block fc00::/8 has not been defined yet. It has been proposed to be managed by an allocation authority, but this has not gained acceptance in the IETF.[1][2][3]

        The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string. This results in the format fdxx:xxxx:xxxx:: for a prefix in this range. RFC 4193 offers a suggestion for generating the random identifier to obtain a minimum-quality result if the user does not have access to a good source of random numbers.

        Example

        As an example, a routing prefix in the fd00::/8 range would be constructed by (pseudo-)randomly generating a 40-bit hexadecimal string, taken to be fedcba9876 in this example. The 40-bit string is then appended to the fd00::/8 prefix. This forms the 48-bit routing prefix fdfe:dcba:9876::/48. Using this prefix, 65536 subnets of size /64 are available for use in the private network: fdfe:dcba:9876::/64 to fdfe:dcba:9876:ffff::/64.

        It should be noted that the 40-bit string from this example was (obviously) not randomly generated. The prefix above is therefore in fact not a validly generated ULA routing prefix according to the standard. The standard requires that the 40-bit string be (pseudo-)randomly generated e.g. by using the algorithm specified in the standard. Any other (non-random) prefix has a high risk of being non-unique and thus cause a prefix collision.

        FCUK YOU!!!!
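
The construction quoted in the comment above, as an added Python example that is not part of the original thread: a 40-bit Global ID is placed after fd00::/8 to form a /48, taken either from the operating system's CSPRNG or from the hash-based procedure RFC 4193 suggests (SHA-1 over a 64-bit NTP timestamp and an EUI-64, keeping the low 40 bits). Function names are this example's own, and the quoted fedcba9876 value is reused only to check the bit layout.

```python
import hashlib
import ipaddress
import secrets
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800      # seconds from 1900-01-01 to 1970-01-01
ULA_LOCAL = ipaddress.ip_network("fd00::/8")


def ntp64(unix_time):
    """Encode a Unix timestamp as 64-bit NTP time (32-bit seconds + fraction)."""
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    frac = int((unix_time - int(unix_time)) * 2**32)
    return struct.pack("!II", secs & 0xFFFFFFFF, frac & 0xFFFFFFFF)


def mac_to_eui64(mac):
    """Expand a 48-bit MAC (as int) to a modified EUI-64 (flip U/L bit, add ff:fe)."""
    b = mac.to_bytes(6, "big")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def global_id_rfc4193(unix_time=None, mac=None):
    """Global ID by the procedure RFC 4193 suggests: low 40 bits of SHA-1(time || EUI-64)."""
    if unix_time is None:
        unix_time = time.time()
    if mac is None:
        mac = uuid.getnode()
    digest = hashlib.sha1(ntp64(unix_time) + mac_to_eui64(mac)).digest()
    return int.from_bytes(digest[-5:], "big")


def global_id_csprng():
    """Global ID straight from the operating system's CSPRNG."""
    return int.from_bytes(secrets.token_bytes(5), "big")


def ula_prefix(global_id):
    """Build the /48 routing prefix: 8 bits 0xfd, then the 40-bit Global ID."""
    if not 0 <= global_id < 2**40:
        raise ValueError("Global ID must fit in 40 bits")
    value = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((ipaddress.IPv6Address(value), 48))


def subnet(prefix, subnet_id):
    """Return the /64 with the given 16-bit Subnet ID inside a /48 ULA prefix."""
    if prefix.prefixlen != 48 or not prefix.subnet_of(ULA_LOCAL):
        raise ValueError("expected a /48 inside fd00::/8")
    if not 0 <= subnet_id < 2**16:
        raise ValueError("Subnet ID must fit in 16 bits")
    value = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((ipaddress.IPv6Address(value), 64))


if __name__ == "__main__":
    prefix = ula_prefix(global_id_csprng())
    print("site prefix :", prefix)
    print("first subnet:", subnet(prefix, 0))
    print("last subnet :", subnet(prefix, 0xFFFF))
```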

        1. Don Jefe
          Happy

          Re: Networking's answer to Windows Vista

          You've spelled FUCK wrong.

        2. ZeroSum

          Re: Networking's answer to Windows Vista

          All that fd::/8 sh1t can be ignored by normal users. The only important addresses are the globally routable ones.

    3. I ain't Spartacus Gold badge

      Re: Networking's answer to Windows Vista

      Tannin,

      If IPv6 is Windows Vista, then when do we get the excellent and popular IPv7?

      Where we take all the advances in the architecture of Vista and make most of them now work properly? So that the users are willing to touch them with a 20 foot bargepole...

      By the way, thanks for reminding me of Windows ME. Erk! Dad had that, fortunately the only computer I ever used/fixed with it installed on. He had Win 95 and ME - so I had to rebuild his OS a lot, and help him recover from many crashes. Sadly he never got Win98, which would have given me (and him) a much easier life.

      1. John Sager

        IPv7

        There won't be one. There is enough v6 expertise around that the v4 crunch will (eventually) be solved by moving to v6, despite the grumblings, and probably with some extreme tantrums along the way, judging by the comments on here.

        I've had v6 for years courtesy of Entanet, though I had to build my own firewall/gateway router.

        Sadly many manufacturers are still in ostrich mode though. I recently bought a TP-Link TL-WA901ND access point to replace a venerable WAP54G. It worked fine for both v4 and v6 in a basic config, but when I wanted to set up a guest SSID the problems started. SSIDs on a VLAN didn't support v6 at all and the v6 router announcements on the default (untagged) VLAN1 leaked into the guest SSID(!). In correspondence with TP-Link they said this device would never support v6. Luckily there is an OpenWRT build for this device, so reflashing and configuring and I now have fully working v4 and v6 on both main SSID and guest SSID. Thanks OpenWRT and a raspberry to TP-Link!

    4. Canecutter

      Re: Networking's answer to Windows Vista

      "Above all, IPv4 has those non-routable address blocks and with readily available $30 NAT boxes, with only a very basic skill set, anyone can make sure that packets which belong inside the building stay inside the building. Simply, the market does not want IPv6, it wants IPv4 with extra numbers."

      Non-routeable address blocks: IPv6 has a very large pool of similar address blocks, if you want to use them. They are called ULA (Universal Local Address), prefix: fd00::/8. Enjoy their use.

      Readily available $30 NAT boxes: If you need it (unlikely) any Linux box could do the job. Save your $30.

      Make sure packets stay inside the building: You ever actually put a protocol analyser on the egress link of any company network? Many have so badly misconfigured their egress routers that you can find teeming masses of packets with SRC=192.168.x.y, 10.x.y.z, etc going to God alone knows where. I won't quite bet on net-10 the way you would.

  17. Peter Mount
    Meh

    A problem with IoT is also lack of hardware

    Most microcontrollers don't yet support IPv6 (I've yet to find one).

    For example, the Arduino has several Ethernet shields available - all only IPv4. The problem here is that the stack is implemented in silicon so without building a new chip then it'll never support IPv6.

    What I do here on my home network (fully IPv6 by the way) is to run NAT64 on my router. That then provides an IPv6 address to all IPv4 only machines (Arduino, rooted Freesat box etc). This only allows IPv6 to access the IPV4 but it's enough right now for my purposes.

    As for IPv4->6, the only way I've got to get it to work is via a proxy - but none of my machines talk to the cloud directly so not yet an issue.

    1. Daniel Palmer

      Re: A problem with IoT is also lack of hardware

      The IP in hardware chips like the wiznet ones will only ever do ipv4 in hardware but you can use it with a software stack to get ipv6. I expect bigger brand products like TI's WiFi and IP in a can products will get ipv6 support eventually but until then just use a micro with enough guts to run the stack itself and a chip that only handles the Ethernet or WiFi parts and leaves the IP stack up to you like microchips products do.

  18. Pete 2 Silver badge

    A solution looking for a problem

    > There's always NAT, of course, to keep IPv4 alive, but we're told that's rather 20th century:

    IPv4 has one enormous advantage over IPv6: it's here already.

    The v4 vs. v6 situation strikes me as similar to 3D-TV. Yes, it might well be better, but the old system is good enough. There are a few early adopters who have, well, adopted it early - but there doesn't seem to be much interest in the other 99.99% of the world tossing their perfectly good, functional, tried and tested systems merely on the say-so of a few "leaders".

    NAT was brought in as a workaround for the impending filling up of IPv4 space and it's been very good as a workaround for that problem (much as Intel's arcane x86 architecture allowed them to back 16-bit addresses into an 8-bit world. It wasn't as pretty as the 68k linear space, but it worked well enough). And as far as the IoT is concerned I would be quite happy if my personal IoT was contained fully within a NAT'd environment - with little or no external "discovery" possible: or that *my* IoT be accessible only through a protocol gateway that was under my personal control: much like a router's firewall is, today.

  19. Alister Silver badge

    IPV4 shortage

    We know there's a finite limit to the IPV4 address space, and we now have to jump through hoops and fill in loads of forms to justify our usage for each and every one.

    But I personally know of at least 4 different /27 blocks that we stopped using in 2008 which have not been re-used, and still appear in the RIPE database as ours, even though they aren't routed to any of our existing networks. A couple I've just tried still have reverse DNS entries for a couple of mail servers of ours, even though there's no forward lookup to that IP anymore.

    So how come they haven't been re-allocated, if we're so short of IPs?

    1. Mr_Pitiful

      Re: IPV4 shortage

      Quote "we now have to jump through hoops and fill in loads of forms to justify our usage for each and every one"

      I didn't have that problem, I rang my ISP and asked for 10 IPV4 addresses, and within 5 minutes they were allocated and working!

      I asked at the time "isn't there a shortage" their reply was "not here"

      I think I'll stick to IPV4 for the foreseeable future

  20. Sir Runcible Spoon Silver badge

    Sir

    Part of the problem with IPv4 isn't just the lack of public addresses, it's the lack of private addresses.

    As more and more large corporates connect to one another via VPN and have all been using RFC1918 address space it presents many conflicts when trying to connect companies to their trusted third partners.

    It's not that hard to solve, but if it's done without a lot of thought it can create an almighty mess and massive time-sink for any support and new project related issues.

    /3p

    1. Alister Silver badge

      RFC1918 address space

      I know a funny story about that...

      We moved offices a couple of years ago, and as part of that move we carefully re-planned our network.

      For all the servers which were required to be accessible externally, we moved them onto a separate sub-net with VPNs in place - both site-to-site and client-to-site - for branch offices and home workers to connect. For the sake of argument, let's say we put these servers on 192.168.28.32/27.

      Anyway, about a year ago, one of the company Directors started complaining that he couldn't get to these servers anymore from home. It took us a while before we realised he'd recently bought and set up a new broadband router, and, trying to be clever, he'd set it to serve DHCP addresses on 192.168.28.0/24 instead of the usual 192.168.1.0...

    2. John Sanders
      Facepalm

      Re: Sir

      So you build two networks separately one for each of two separate private companies.

      And when the two merge together they need to fix any collision they may have now as a result of the merger.

      A problem that no one could foresee retroactively.

      And the solution is to create an address private space with random-generated addresses so huge that such collisions are less possible.

      And thus the world has another of those situations in which a monster is created to solve a non-issue.

      Because companies affected by this do have the resources (money, sysadmins and project managers (lest not forget them)) to tackle the problem and begin an orderly merge re-iping parts of their network as the merger progresses.

      That is far easier than to move everybody and everything to IPv6 on both companies.
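The address clash from the story above (192.168.28.32/27 against a home 192.168.28.0/24) and the randomly generated private prefixes this comment refers to, as an added example that is not part of the original thread: an overlap check across VPN sites, plus ULA /48 generation following the RFC 4193 sample algorithm with the collision estimate that RFC gives. Site names and the MAC addresses used in the demo are constructed.

```python
"""VPN address-plan checks: RFC 1918 overlap and RFC 4193 ULA allocation."""
import hashlib
import ipaddress
import itertools
import math
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def find_overlaps(sites):
    """Return (name_a, name_b) for every pair of site prefixes that overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    clashes = []
    for (a, net_a), (b, net_b) in itertools.combinations(nets.items(), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            clashes.append((a, b))
    return clashes


def mac_to_eui64(mac48):
    """Build a modified EUI-64 from a 48-bit MAC: insert ff:fe, flip the u/l bit."""
    raw = mac48.to_bytes(6, "big")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def generate_ula_prefix(unix_time, mac48):
    """RFC 4193 section 3.2.2: SHA-1 over NTP time + EUI-64, keep the low 40 bits."""
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    key = struct.pack("!II", seconds, fraction) + mac_to_eui64(mac48)
    global_id = hashlib.sha1(key).digest()[-5:]
    # fc00::/7 with the L bit set gives the fd00::/8 half; host bits stay zero.
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((packed, 48))


def ula_collision_probability(n_networks, id_bits=40):
    """RFC 4193 section 3.2.3 estimate: P = 1 - exp(-N^2 / 2^(L+1))."""
    return -math.expm1(-(n_networks**2) / 2 ** (id_bits + 1))


if __name__ == "__main__":
    # Constructed address plan reproducing the clash from the story.
    rfc1918_sites = {
        "office-servers": "192.168.28.32/27",
        "director-home": "192.168.28.0/24",
        "branch-office": "10.20.0.0/16",
    }
    for a, b in find_overlaps(rfc1918_sites):
        print(f"overlap: {a} {rfc1918_sites[a]} <-> {b} {rfc1918_sites[b]}")

    # Each site draws its own ULA /48; the second MAC is a constructed value.
    now = time.time()
    ula_sites = {
        "office-servers": str(generate_ula_prefix(now, uuid.getnode())),
        "director-home": str(generate_ula_prefix(now, 0x001122334455)),
    }
    print("ULA plan:", ula_sites)
    print("ULA overlaps:", find_overlaps(ula_sites))
    for n in (2, 10, 100, 1000, 10000):
        print(f"{n:>6} interconnected networks: P(collision) = "
              f"{ula_collision_probability(n):.3g}")
```
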

      1. Sir Runcible Spoon Silver badge

        @John

        I've read your post twice now and I'm still not sure who you are responding to and which parts of your post are supposed to be sarcastic and which are supposed to be points you are trying to make.

        "A problem that no one could foresee retroactively."

        That appears to be the logical issue with your entire post I'm afraid...it doesn't make sense.

        I don't think anyone mentioned about two companies merging, but since you did..

        If you are talking about companies that are large enough to have entire departments working on migrating their internal address range then logically the size and complexity of the estate is also larger (I'm thinking of when Thomson merged with Reuters for example) - they are both using large parts of the private space.

        I also think you'll find that in reality, the number of people that end up being responsible for fixing such a situation could be counted on the fingers of one hand.

    3. Charles 9 Silver badge

      Re: Sir

      Part of the problem with IPv4 isn't just the lack of public addresses, it's the lack of private addresses.

      Private address space 10/8 allows 2^24 addresses within it. If there's a company that uses more than 16 million addresses within its internal network, I'd like to see it.

      1. Sir Runcible Spoon Silver badge

        Re: Sir

        "If there's a company that uses more than 16 million addresses within its internal network, I'd like to see it."

        Uses, no. Assigns? All the time.

        And oddly enough most companies start assigning the 10 range from 10.0.0.0 upwards in large blocks (national/regional etc.) rather than random selections of /29's throughout.

  21. brooxta

    Clue

    For a bunch of commentards on a tech site most of the above comments exhibit very little technical and internet history clue.

    IPv4 is running out (basically has already apart from the barrel scrapings). Anybody talking about unused /27s or whatever needs to think more about the actual cost/benefit of 1) figuring out who has them, 2) if they are _completely_ unused, 3) how to reassign them fairly and efficiently, 4) work out where they're going to find the next unused /27 when they need it most, and then compare that to migrating to IPv6.

    There is no point in trying to eke out a tired, used up resource like IPv4 when you have a tidal wave of new devices that all need addresses on its way.

    IPv6 has its faults, but it's a tried and tested solution that meets the addressing needs of the foreseeable future. It is also widely accepted by the industry already. If you have a problem with it, well you rather missed that boat. Any complaint ought to be directed at vendors and ISPs who should all be vocally supporting the protocol by now. And actually adopting early (ie now, which astonishingly might actually still be counted "early") saves you the hassle of having to migrate even more devices/systems later.

    I am glad to see El Reg covering this topic and look forward to more of the same.

    1. Roland6 Silver badge

      Re: Clue

      >IPv6 has its faults, but it's a tried and tested solution that meets the addressing needs of the foreseeable future.

      Surely you are talking about X.25 CONS, it had a variable length address field (like CLNS) and was used for real world communications for many years...

      IPv6 will only become tried and tested once it gets used outside of the backbone. Otherwise, without digging up the past, it does seem to be the only option on the table.

    2. ShelLuser

      @brooxta

      No offense, but I think your shown attitude is a prime example of the major obstacle for IPv6 adoption.

      First of all the endless, ever ongoing, doom scenarios. The Internet was going to explode in 2002, 2007 and 2011 (from the top of my head) due to running out of IP addresses. Now, 12 years later, we're still there. Thing is; it doesn't even matter if there have been dozens of admins doing dozens of all nighters to make this work; the damage has been done in public opinion. Not one, not two, but multiple times. Doom scenarios which in the end don't come true are a sure way to lose a lot of credibility really fast.

      Another problem; it's never about co-existence but always replacement. Which is utterly narrow minded. 192.168.1/24 is a lot easier to grok and implement than trying this with IPv6. The only easy thing about IPv6 private ranges is knowing that it'll always start with fd and if you want easy you'll need to make it as wide as possible (the more narrow you make your network range, the more digits you'll need to use). A common approach is therefore /64. But even that gobbles up 4 16bit parts. So let's make it easy on ourselves: fdfa:aaaa:bbbb:cccc::/64.

      Hmm... 192.168.1.5 to 192.168.1.10. vs. fdfa:aaaa:bbbb:cccc::5 to fdfa:aaaa:bbbb:cccc::10 ?

      Oh wait, of course I forgot. I'm using the 1 range, so basically my own "range" within the 192.168 "segment" if you will. Ergo; my above IPv6 example actually isn't good enough. To be a full replacement I'd need to add yet another segment. I know; I'll use a 0 at the end so I can skip it: fdfa:aaaa:bbbb:cccc:42::5 to fdfa:aaaa:bbbb:cccc:42::10.

      This may come as a surprise to you, but the IPv4 counterpart is a whole lot easier to type.

      Which is also one of the main flaws in IPv6 reasoning; the illusion that these addresses wouldn't matter (too much) because of DNS and ARP / DHCP. But if you're fixing network related problems then the last thing you want to do is rely on "automagically" assigned addresses and the likes.

      And these examples are almost as endless as IPv6 is.

      1. brooxta

        Re: @brooxta

        >No offense, but I think your shown attitude is a prime example of the major obstacle for IPv6 adoption.

        Hmm, on review my opening line was rather offensive. Sorry.

        > First of all the endless, ever ongoing, doom scenarios

        Yep, fair comment, that's been going on a lot. The thing is that there's a kernel of truth: IPv4 cannot demonstrably cope with the future in the way that IPv6 can. If you want to engineer round the problem then it's better (and probably easier) to come up with a technical solution than to engage in "user reeducation" (ie. Step 1: >czerrt< "This problem is not as big as you think it is." >czerrt< Step 2: repeat step 1 until user is reeducated).

        The bigger issue is that IPv4 has managed to cope (via kludges like NAT and CGNAT) with expansion from desktops -> laptops -> phones/slabs/consoles, although right now we're rationing the addresses very carefully, but now there's about to be this huge number of additional network connected devices that all require address space and where are we going to find it?

        > Another problem; it's never about co-existence but always replacement.

        Yes, kind of. You can run dual-stack successfully though. And my point about missing the boat was that this discussion was had 20 years ago, and for better or worse (this side of the switch-over it seems worse right now, the other side of the switch-over it's probably better) the decision was taken to go for replacement.

        > This may come as a surprise to you, but the IPv4 counterpart is a whole lot easier to type.

        No surprise :-) it's the most obvious difference. And the thing is that it is a consequence of the problem that needs to be solved. How else do you get the address space you need than by making the addresses longer and/or including additional characters to represent them? IPv4 works for network sizes that boggle our minds. IPv6 works for networks that blow your mind. As the network evolves so the tools and techniques will need to also.

        1. Matt Bryant Silver badge
          Stop

          Re: @brooxta

          "....And my point about missing the boat was that this discussion was had 20 years ago, and for better or worse (this side of the switch-over it seems worse right now, the other side of the switch-over it's probably better) the decision was taken to go for replacement....." Yeah, except enough people could get enough annoyed that they come up with a more popular proposal that seizes market share (think Betamax vs VHS, or cassettes vs vinyl, 100BaseT vs FDDI), whereupon IPv6 gets consigned to the bin. The problem is actually that IPv6's boat is simply unpopular, unwanted, and unlikely to be accepted whilst almost any other option works (dual stack, DS lite, etc.), as shown by the lack of uptake over the last twenty years. The IPv6 pushers blaming the users is simply denial.

      2. John Sager

        Re: @brooxta

        "Which is also one of the main flaws in IPv6 reasoning; the illusion that these addresses wouldn't matter (too much) because of DNS and ARP / DHCP. But if you're fixing network related problems then the last thing you want to do is rely on "automagically" assigned addresses and the likes."

        IPv6 went to a lot of trouble to make this work well, and the link-local stuff in ICMPv6 for neighbour and router discovery 'just works'. In my internal network inter-machine connections such as ssh use a range out of my allocated prefix plus the automagic bottom 64, and the link-local stuff just carries ICMPv6. The default route automagically appears as the link-local address of my firewall/gateway. It'll be a bit more complex for bigger networks but all the router manufacturers have screeds of info on how to configure it, either statically or via v6-aware routing protocols. And it's all readily Googleable!

      3. John Sanders
        Mushroom

        Re: @brooxta

        IPv6 is a clusterfuck,

        And one of the big problems is that the IPv6 people are in denial.

        I started learning IPv6 years ago, the standard has changed considerably, so many times that I thought, !@#$%^&* it, I will implement it when everybody else does, in the hope that it will be settled by then.

        But no.

        1. Anonymous Coward
          Anonymous Coward

          Re: @brooxta

          I started learning IPv6 years ago, the standard has changed considerably, so many times

          Mmm hmmm, and IPv4 was the same from day 1 including multicast addressing and CIDRs… which is why we have so many /8's allocated to big organisations like Apple.

  22. Yugguy

    I've yet to see why a business like ours with more than enough private ip4 and a need for only a small amount of public ip4 addresses needs to worry about ipv6.

    And no, I'm not a technophobe or against progress.

    1. Anonymous Coward
      Anonymous Coward

      How are you going to be able to talk to all the people who come online after the IPv4 address space is completely depleted?

    2. Adam 1 Silver badge

      Like any 'scarce' resource the market will set a price. When they run low then anyone who really needs one will have to pay more than now and no doubt many companies and institutions who are currently sitting on addresses they don't actually need will 'realise' the value of that asset.

  23. John Tserkezis

    Show me the money.

    Because that's what it's all about.

    The IPv4 landscape is tied behind a bucket load of money, and introducing IPv6 will remove the single thing that's keeping things that way: No supply and lots of demand = Higher prices.

    The people who want to plug in a plethora of devices want IPv6, the people who build the devices want and support IPv6, the people who build the networking gear want and support IPv6, because all of them don't have any real interest in the IPv4 structure, they don't have much tied into it.

    The guy or entity that owns the IPv4 address you're using RIGHT NOW however IS interested, they're either making money out of it, or they have a lot of money tied up on paper, and they ain't going to let it go without a fight.

  24. Panicnow

    Spooks don't want ipv6

    NAT helps keep all your data going through a small number of gateways. IPv6 returns us to the Internet where all traffic is routed peer to peer, with the ability to multi-route etc.

    Makes private file sharing much easier too.

    ... Wonder why the ISP aren't deploying IPv6!

    1. TRT Silver badge

      Re: Spooks don't want ipv6

      You see, that's one other thing I don't understand. How can you route peer-to-peer across a domain with more routes to more IPs than you can fit into a computer's memory?

  25. phil dude
    Joke

    is this what.....

    the decimalisation debate was like back in the 60's....?

    P.

    1. hplasm Silver badge
      Unhappy

      Re: is this what.....

      "the decimalisation debate was like back in the 60's....?"

      no, it's more like proposing the opposite- or changing from metric back to imperial measures...

    2. Phil O'Sophical Silver badge

      Re: is this what.....

      No, because for years after decimalisation you could still use shilling and florin coins to pay for things priced at 5p or 10p.

      IPv6/IPv4 is more like a "when shall we change to driving on the right" kind of debate. Co-existence is kinda tricky...

      1. Evan Essence

        Re: is this what.....

        Co-existence is kinda tricky...

        I'm running on a dual-stack machine right now – all modern machines are. I can talk to IPv6 hosts, and equally talk to IPv4 hosts (such as The Register).

        1. Phil O'Sophical Silver badge

          Re: is this what.....

          I'm running on a dual-stack machine right now –

          Me too, I've been doing that for 15+ years, but there's a lot of IPv4 network between me and other IPv6 islands. Co-existence on one system is easy, between networks, not so much.

          1. John Sager

            Re: is this what.....

            "but there's a lot of IPv4 network between me and other IPv6 islands"

            If you use a tunnel broker, perhaps. Most of the Internet backbone carries IPv6. The BGP routing protocol announces v6 prefixes. I have no problem getting to v6 hosts all around the world, and only a small fraction, if any, goes over v4 tunnels.

            1. Canecutter

              Re: is this what.....

              "If you use a tunnel broker, perhaps. Most of the Internet backbone carries IPv6. The BGP routing protocol announces v6 prefixes. I have no problem getting to v6 hosts all around the world, and only a small fraction, if any, goes over v4 tunnels."

              Thing is, if your (native) first-hop egress link doesn't carry IPv6, you haven't much choice about using a tunnel. :(

    3. Irony Deficient

      Re: is this what …

      phil dude, it’s more like the decimalization debate of the 1850s — if the farthing should be changed from 1/960 pound to 1/1000 pound (thus keeping the pound as it was), or if the farthing should be changed from 1/960 pound to 1/100 florin (thus changing to the florin as the unit of account, and redefining the pound to be a derived unit of 10 florins), or if the pound should be changed from 960 farthings to 1000 farthings (thus keeping the farthing as it was).

  26. Anonymous Coward
    Anonymous Coward

    Well, my ISP has already moved to IPV6, and I am on a NAT'ed IPV4 address shared with other customers. It comes with a few problems but I'm happy to be an adopter!

  27. Pirate Dave
    Pirate

    Maybe what the world needs

    is IPv4.1. Add an octet to the current 4-octet IP4 address and work from there. That would give us 253 more Internets or thereabouts. But would still be comprehensible by those of us who aren't Mensa members. Let the IETF figure out how to map/divide/segment the new Hypernet(tm), then let the software and hardware folks start tweaking their stacks to make use of it. One extra byte would require lots of work to implement, which would be good for keeping folks busy for a few years.

    And here's the first suggestion: 1.x.x.x.x would map to the current IPv4 address range.

    1. Daniel Palmer

      Re: Maybe what the world needs

      It still wouldn't work with the existing ipv4 internet so what would be the point of getting everyone on a network that still has most of the issues of ipv4 and has addresses that are a weird size to the machines processing them. If everyone's problems with ipv6 really boils down to that they can't learn how to work in other number bases and learn some syntax OR use tools that do the work for you then all hope really is lost.

      1. Pirate Dave
        Pirate

        Re: Maybe what the world needs

        Considering how slow the adoption of IPv6 has been, I'd say all hope really is lost. Looking at those figures for IPv6 traffic, it's apparent nobody much wants this overly complicated protocol, and until they shove it down our throats with absolutely no alternative available, a lot of us won't use it. There's no benefit, only a lot of pain.

        1. Daniel Palmer

          Re: Maybe what the world needs

          >until they shove it down our throats with absolutely no alternative available, a lot of us won't use it.

          Who is they? You are free to suggest a protocol that is better than IPv6 and try to get it accepted by enough people to make it a standard. I think you'll find that it's incredibly hard to do that hence there is only really IPv6 and various tunneling IPv4 in IPv6 solutions in the running here.

          I hate to inform you of this but if you have a recent OS you probably already have IPv6 running.

          1. Pirate Dave

            Re: Maybe what the world needs

            >You are free to suggest a protocol that is better than IPv6

            I think I did just that a few posts ago.

            "They" would be my upstream ISPs and the Internet in general.

            I hate to inform you of this, but I specifically disable IPv6 on all of my machines.

            Now I will give you that perhaps my "extra octet" idea isn't very good, since 5-byte words aren't very common to CPUs or compilers and would require quite a bit of extra processing (compared to IPv4) to accommodate that extra byte. Would it be worse than IPv6 for performance? I don't know, but I doubt it. I would think it would be slightly worse than IPv4.

            1. Daniel Palmer

              Re: Maybe what the world needs

              @Pirate Dave

              >>You are free to suggest a protocol that is better than IPv6

              >I think I did just that a few posts ago.

              You stated an idea. You didn't define a protocol by any means.

              >"They" would be my upstream ISPs and the Internet in general.

              The internet in general want a bigger address space. No one is forcing anyone to use anything. Other than your "let's do IPv4 with an extra byte in the address field" brain fart and IPv6 there aren't many options. What should ISPs do? Stick their heads in the sand, make up excuses about not wanting to have long addresses and wait until your amazing protocol has widespread industry support?

              >I'm a Network Admin. Seeing, typing, remembering, and assigning IP addresses is my job.

              Surely learning to work with new protocols is also "your job". Your argument is like all programmers rejecting machines with a 64bit address space because they don't want to potentially have to type out long addresses. The address syntax for IPv6 is specifically designed so you only have to remember the bits that actually matter to you. Do all "network admins" think this way? "I want everyone to have to suffer being behind hacks like NAT etc because I'm too lazy to learn about something that has been looming for the last 20 years..".

              1. Pirate Dave

                Re: Maybe what the world needs

                >"something that has been looming for the last 20 years.."

                And that's the point of my earlier posts - in 20 years of this looming issue the only answer we've gotten from "those who know" is a solution that is horrible overkill for the problem at hand (and seems to be used and evangelized primarily by those with a bit too much zeal for said solution). Christ, even Microsoft eventually admitted Vista was a miss and a step too far.

                As long as we admins have the option to not use it, a lot of us will choose that option in the vain hope that someone from the "those who know" pool will come up with a better solution. Or we retire. Or IPX comes back from the dead. Either is an acceptable alternative. If Google, Facebook, YouTube, Amazon, Ebay, et al. switch to IPv6 overnight, then yes, we admins will follow along the next morning, grumbling in our beards, and life will go on.

    2. Ken Hagan Gold badge

      Re: Maybe what the world needs

      What *is* this fixation with literal IP addresses?

      Unless you are configuring a router or a DNS or DHCP server, you should never even *see* an IP address, let alone have to type one in or remember it. If you have some other network software that regularly throws literal addresses in your face, report it as a bug.

      Even if you *are* setting up such a machine, you'll always be using the same prefix (yours) and the double colon notation spans the middle ground. The bit you have to deal with manually is the final hex digit or two.

      For domestic customers (and small businesses, actually), you don't even need to do that. Your ISP will deliver a prefix over the wire and your router and devices can all do the right thing without any configuration at all.

      1. Pirate Dave

        Re: Maybe what the world needs

        "Unless you are configuring a router or a DNS or DHCP server, you should never even *see* an IP address, let alone have to type one in or remember it."

        I'm a Network Admin. Seeing, typing, remembering, and assigning IP addresses is my job.

        1. Ken Hagan Gold badge

          Re: Maybe what the world needs

          Is your employer aware that s/he is paying you for a task that the rest of the world automated several decades ago?

          Assigning IP addresses is the "job" of the DHCP server. Remembering them is the "job" of a DNS server. Seeing them is the "job" of the APIs in well-written software. Typing them is no-one's "job".

          1. Roland6 Silver badge

            Re: Maybe what the world needs @Ken Hagan

            No "Assigning IP addresses" is the job of the network designer & administrator, the DHCP server administers the allocation and leasing of IP addresses to individual client devices from the pre-assigned range to a defined set of network ports.

            Naturally these addresses don't automagically get transcribed from the network design into DHCP servers and other devices that need to know about specific IP addresses etc.; someone has had to type them in, even if it is only into the network design tool...

    3. Roland6 Silver badge

      Re: Maybe what the world needs @Pirate Dave

      >Add an octet to the current 4-octet IP4 address and work from there.

      The fundamental problem with IPv4 which was recognised back in the 80's was that it used a fixed length address field. Both X.25/ISO CONS and ISO CLNS used variable length address fields. At the time the argument was that variable length fields increased packet header processing overheads - which given how much slower cpu's were then, was a relevant consideration. Today even with much faster cpu's and faster networks, the issues with variable length headers and addresses remain.

      I think many were surprised that IPv6 went for 16 byte addresses rather than 6 (as used by IEEE MAC addresses) or 8 (would permit an identifier followed by a 15 digit international phone number in BCD). I suspect the decision permitted it to support much of the richness of the ISO addressing scheme without some of its inherent processing issues.

  28. Brandon 2

    someone tell the NSA...

    Someone tell the NSA about the unlimited snooping potential of everything being connected to the internet, and we (the USA) will mandate IPv6 adoption in 2 years. Then there's no rush for our brothers across the pond, as that should free up quite a few IPv4 addresses for the taking...

    1. Matt Bryant Silver badge
      FAIL

      Re: Brandon 2 Re: someone tell the NSA...

      "Someone tell the NSA about the unlimited snooping potential of everything being connected to the internet...." Sorry (not) to interrupt your tinfoil tirade, but you really need to understand the physical backbone will not change one iota as far as the NSA are concerned. Currently, with IPv4, your connection to the Internet is via your telco's cable or via their wireless tower. Both go back into the telco's system, where the NSA have their little black box to pick out selected conversations (or the telecoms or ISP do it for them). Fast forward to IPv6 and your signal goes from your IoT device to the same telco via their cable or wireless tower, into the same little black box, where the only difference is they now split out the conversations by IPv6 unique identifier rather than IPv4 address..... Actually believing that IPv6 is going to stop eavesdropping is childishly naive.

      1. Charles 9 Silver badge

        Re: Brandon 2 someone tell the NSA...

        You missed the point of the post. He's saying the NSA would welcome IPv6 because it would make snooping EASIER because of the removal of the NAT layer. This means they can remove the step of bridging the inner and outer networks from their work of breaking through the firewall.

  29. Greg D

    Why do they always blame enterprise for slow adoption?

    So IPv4 is running out of address space and has been for years.

    But surely this is only a problem for ISPs and big public data network providers?

    As a network engineer for a large corporation, we have no intention of changing our LAN or WAN to IPv6. Quite frankly there is no reason to. Our network is private and we only require a handful of public IP addresses for certain services. NAT fulfills our needs fine for this.

    In order to get out of trouble, at least in my little head, the ISPs should be deploying IPv6 networks and supplying customer kit that does IPv4 to IPv6 translation/bridging. So essentially all customer networks would be a private IPv4 network, and in order to get online they would need to hook up to an IPv6 ISP network via some kit that does some clever translation between the two IP stacks.

    Maybe this is just pipe dream conjecture, since I don't fully understand how IPv6 works. There are a lot of fundamental differences - I know at least that much.

    1. John Sager

      Re: Why do they always blame enterprise for slow adoption?

      @Greg D

      You've got a problem that's going to hit you where it hurts sometime down the road then. I'm assuming that people in your organisation use the WWW, so you need internal hosts to connect to external hosts using NAT, yes? Now, consider the case where some new company springs up (e.g. like Facebook) providing a service that becomes absolutely essential to your staff. But, they can't get any v4 addresses and have to go v6 only. Now, you could put in some kind of reverse NAT64 proxy that mapped internal rfc1918 address(es) to its v6 server addresses and faked up DNS to make it work internally. That would work, but you've now given yourself an almighty admin problem of keeping this stuff up to date, especially when more v6 only sites come online.

      How close are you to retirement? Do you want to gamble?

      1. TRT Silver badge

        Re: Why do they always blame enterprise for slow adoption?

        Sounds like a perfectly reasonable solution, and one which will have a company or good-hearted netizen providing it, in the vein of public DNS or RIP updates.

      2. Greg D

        Re: Why do they always blame enterprise for slow adoption?

        I plan on brushing up my skills when the time comes. My point was that until this hypothetical situation of yours occurs, there is zero benefit to switching to IPv6. If anything we lose certain securities etc. The differences in protocols are huge in places from what little I currently understand of v6.

        My other point was that this magical device I conceived, armed with my in-depth knowledge of IPv6 (utter lie), would be able to dynamically NAT v4 > v6 addressing and vice-versa, storing a local NAT table so it can remember what client was requesting what site.

        That magical v6 to v4 NAT box of doom would be a piece of ISP kit that bridges the customer equipment running IPv4 with the ISP equipment running IPv6.

    2. ZeroSum

      Re: Why do they always blame enterprise for slow adoption?

      With a large proportion of the content by volume of data (YouTube, Netflix) already available over IPv6 the next group that needs to adopt IPv6 is ISPs. That will stimulate more websites to adopt v6. Enterprise internal networks aren't that important to v6 adoption. They can come when they want to. The vast majority of the traffic is to residential ISPs and mobile networks.

  30. Anonymous Coward

    As another no-nothing on the subject of IPv6

    The designers seem to have gone out of their way to make it hard to understand. Or not gone out of their way to make it understandable. They can all think in hex, so those who have to get a piece of paper or a calculator to work it out suffer the headaches.

    If you showed the man-in-the-street an example of the IPv4 scheme, e.g. 136.221.090.167, and told him you needed it to handle more addresses, he'd have said add more numbers and meant something like

    1361.2211.0904.1670 or 172.155.136.221.090.167 as required to make the length big enough. Because they are easy to read. Same reason your packet of cornflakes has 5 070 345 21245 written below the big fat barcode on the bottom.

    1. Daniel Palmer

      Re: As another no-nothing on the subject of IPv6

      The ipv4 scheme is easy to understand because 32bits isn't a lot of bits to represent and that's exactly why ipv4 has to be replaced. The syntax of ipv6 addresses looks weird if you have only ever seen ipv4 addresses but it's been made that way so you don't have to type out all of the bits that make up the address as there are a lot more of them to represent. To be honest I can't really see how "it's hex, can't work with it" is a good argument because you need to understand some concepts like bitwise AND to really understand ipv4... Is hex really that much harder? And if you can't learn how to work in hex or use a calculator that can convert bases for you what are you doing dicking around with network settings in the first place?

      1. John Sanders
        Mushroom

        Re: As another no-nothing on the subject of IPv6

        The problem is not that it is hex.

        The problem is that it is way too complex, and the fact that you get sequences like:

        2001:0DB8:1111:2222::1/64

        fe80::2e0:b6ff:fe01:3b7a

        2001:410:1:2:212:43FF:FEE3:C600

        And the complexity does not stop on the addressing scheme, everything is complex FOR NO FCUKING good reason.

        This is Windows 8, Gnome 3 and KDE 4 all over again.

        It is not that we cannot deal with change or new technologies, it is that the changes do not make sense and are not requested.

      2. Charles 9 Silver badge

        Re: As another no-nothing on the subject of IPv6

        Is hex really that much harder? HELL YEAH!

        At least with IPv4, there are at worst 12 digits (and note, they're all numbers). We deal with sequences of similar lengths when we negotiate the telephone system: which we have for decades. What real-world analogue is there to the IPv6 scheme?

        IOW, IPv4 is within our comfort zone. IPv6 is WAY out of our league.

  31. Dick Emery

    Names. Names. NAMES!

    I can understand it for devices that wish to auto connect to other stuff whereby you don't need to know what their address is. But say you want to access your home energy system remotely. Entering a series of digits, letters, colons and wotnot does not really inspire much confidence now does it? You want a simple DNS system to connect over IPv6 don't you? Ah! But a helluva lot of names are already taken in the existing DNS system. All the easy to remember ones at any rate. You want to access Toms.Home.Energy? Tough 1,000 others already have variations of that including jumbled digits for letters and capitalizations. The only other way would be to have your own unique domain (tomshome.co.uk) and uses sub domains I guess.

    1. Dick Emery

      Re: Names. Names. NAMES!

      I meant to add that it's not the lack of number address that is the problem. It's the lack of EASY TO REMEMBER names that is at issue here. It's kinda like when you sign up on a big forum or social network and find that the username you want to use has been used by untold others. Tom1234 instead of plain Tom for example.

    2. Dick Emery

      Re: Names. Names. NAMES!

      I've just had an idea. People keep going on about how complicated IPv6 is when setting up. Mostly for internal networks I may add. I think the answer is that the devices need to have their own DNS translation system inbuilt. Instead of you having to enter a specific IPv6 address you just enter a unique name and let the device translate that into a unique (out of the gazillion possible addresses) IPv6 identifier. So for instance HTCM8.ABC.123. Dealing with all this numbering network nonsense should have been done away with ages ago. We only need a unique identifier for each device and the hardware should automatically translate it to the required address without any collision without even a network guru having to touch it.

      1. Sir Runcible Spoon Silver badge

        Re: Names. Names. NAMES!

        "Dealing with all this numbering network nonsense should have been done away with ages ago. We only need a unique identifier for each device and the hardware should automatically translate it to the required address without any collision without even a network guru having to touch it."

        And how would you connect this hardware up in the first place?

        1. Anonymous Coward

          Re: Names. Names. NAMES!

          >And how would you connect this hardware up in the first place?

          over IPv4???

    3. Ken Hagan Gold badge

      Re: Names. Names. NAMES!

      "The only other way would be to have your own unique domain (tomshome.co.uk) and uses sub domains I guess."

      Um ... yes. They thought of that 30 years ago and so DNS is a hierarchy. That's exactly how you are supposed to do it. Only a complete moron would try to solve the name shortage by inflating the top-level domain. Oh wait...

  32. Bloakey1

    I Am Not Wanting.

    Right,

    This has been going to happen for a while according to the science fiction etc. I can see it now:

    Grumpy me gets up in my Mediterranean idyll, and after a session of cerveza I decide to make a cup of tea as I am gasping and mad with the drouth.

    Flick switch on kettle

    Light on but ten minutes later no heat

    Unplug kettle

    Plug in kettle

    light but still no heat

    Look for manual

    Find warranty number (where I live we have three years on electrical items)

    Call warranty people

    "Hello, my name is Dierdre O'Hoollahan, what can i do for you Sahib"

    "Err, hi Dierdre, those o'Hoollahans got about a bit innit. My kettle is dead I need to get it replaced"

    "Is there a light on Effendi? "

    "Bejasus so there is"

    "I am afraid i will have to hand you over to Seamus O'Gobshite in tech support, can i have your name for our records"

    "For fecks sake, grrrr, mumble, feckers, grrr, Its William"

    "Willeem?"

    "Noohhhhhh, Whiskey, India, Lima, Lima, India, Alpha, Mike"

    "Ohh, Will I Am, you should have said Mr Will i am Saheeb"

    "Ahhhhgggghhhh"

    "I transfer you now, can I help you on any other matter apertaining to the aforesaid circumstances or any other items that perchance you have happened to purchase and falls within the remit of my job at Globoshite support"

    ""Ahhhhhhh, grrrr, whimper"

    "Hello Seamus speaking, are you Mr William?"

    "Yes"

    "You are wanting support?"

    ""Ehhhh"

    "What are you wanting Mr William"

    "I have a Euro Kettle 2000, manufactured in china and it will not heat water"

    "Mr William, have you plugged in the kettle"

    "Whimper, yes"

    "Have you power in your lowly hovel?"

    "yes (sobs audible at this point)"

    "Mr William, have you rebooted the house"

    "mama, sob, weep, NO"

    "Mr William, I need you to reboot your house as the electricity is dirty"

    "Sob, gnashing of teeth"

    "Mr William did you hear me oh honoured son?"

    "sound of stomping, sound of plastic item hitting deck outside house"

    "Mr William I need to talk about your kettle!!!"

    "What kettle? I think you have a wrong number"

    "Mr William"

    "hangs up, brrrr noise. Sound of children getting soundly thrashed, a dog getting a severe kicking and a screaming and wailing wife who never knew her placid boy was actually an abusive monster."

    You can all take your Inertnet (sic) of things and insert it where the monkey stuck the nuts.

    1. Matt Bryant Silver badge
      Happy

      Re: Bloakey Re: I Am Not Wanting.

      Just imagine, after you have rebooted your house for the fifth time to no avail, the support desk operator declares your house must be built of the wrong type of bricks, and refuses to give further support until you rebuild your hovel using Globalshite Brix5000 bricks....

      1. Bloakey1

        Re: Bloakey I Am Not Wanting.

        I agree old chap.

        The big question would be;

        Should the HOUSE have Windows and DOS, should it have a room at the back so I can take the Solaris and maybe have a sun DEC?

        Doors that GLIDE with Chrome accoutrements, something that looks Joli?

        In the Garden I could have Blackberries, Raspberries (oy you old boys not that type of raspberry as the wheelchairs would play havoc with the lawn), Apples, Acorns etc.

        My God What if I got all these things WANG.

    2. ecofeco Silver badge

      Re: I Am Not Wanting.

      BRAVO!!!

  33. Martijn Otto

    It's not the online businesses that have been slow: It's the ISPs. Those fuckers should get off their lazy arse and start giving customers a dual-stack connection. The company I work for has IPv6 for everything, but only 1 in 200 requests comes in over IPv6.

  34. Frumious Bandersnatch Silver badge

    And another thing

    Not about ipv6, but the whole concept of Internet of Things.

    I think that there are plenty of companies out there salivating at the thought of making a lot of net-connected gizmos. Most of them will be junk, but they'll be able to charge a premium for them. That's not the real issue, though. The real issue is how many of these gizmos basically won't work unless you use the manufacturer's servers for data collection and control. Like many other readers here, I would never buy a product that worked like that, regardless of how useful or desirable the gizmo was. It's this element of being able to spy on users (or simply being able to lock them into a subscription service for the lifetime of the device) that I fear will be quite appealing for many companies.

    This, in my opinion is the single greatest factor that is stopping (or will stop) the advance of this IoT thing. OK, I said I wouldn't mention IPv4/IPv6, but ...

    I know that IPv4 and NAT issues are also another technical limitation. You can't easily connect to your server without either renting a VM or server from a hosting provider (which also might have privacy/legal issues surrounding it), coaxing your ISP to do port forwarding for your incoming traffic, or simply shelling out for a (scarce) public IPv4 address.

    IoT device manufacturers really need to provide two options for the user: first, they need to let you configure the devices so that you use your own server (and provide the server software), and secondly, they also need to make their stuff IPv6-capable. The latter is a bit of a gamble considering it adds cost for a feature that not many people are using yet (and it's unknown if/when they will). On the other hand, if they don't support IPv6 then all these devices will go straight to landfill if/when the switchover happens...

    1. Bloakey1

      Re: And another thing

      Dear sir,

      I agree and I would also point you in the direction of in built obsolescence and over complex and over engineered products.

      I have had cars of late that were computer controlled and had EPBs (Electronic Parking Brakes)..

      Cough

      Snort

      Sob

      Mumble.

      Mumble.

      WHY DID YOU BRING UP THE SUBJECT OF EPBs ??????

      GRRRRRRR< YAHHHHHH, SCREAMMMMMMMMM

      <sound of ambulance and large coves wearing white jackets>

      1. Frumious Bandersnatch Silver badge

        Re: And another thing

        <sound of ambulance and large coves wearing white jackets>

        They're coming to take me away, hahaaa!

    2. ecofeco Silver badge

      Re: And another thing

      "The real issue is how many of these gizmos basically won't work unless you use the manufacturer's servers for data collection and control. "

      Exactly.

  35. Not That Andrew

    Virgin Committed to IPV6?

    So that's why I'm still using an ancient Motorola Surfboard then.

  36. The Dude

    shortage? What shortage?

    I ordered two static IP addresses from my ISP. They provisioned them immediately. Then I looked at the gateway IP address(es) that came with those IP addresses, and both the IP addresses were in a subnet of one IP address. In other words, every IP address ordered actually becomes two IP addresses provisioned. According to my ISP, there is no shortage.

    I do occasionally look at IPV6, just long enough to disable it on everything where it is enabled by default. No complaints, so far.

  37. ecofeco Silver badge

    And thank god

    Who in their right mind wants everything they own tracking their every action?

    That path is the ultimate tyranny.

  38. Rupert Fiennes Bronze badge

    Cisco or El Reg are confused. Or both :-)

    "Foddering added that in Blighty only a small number of internet service providers, including Virgin Media, were fully committed to enabling IPv6 capability".

    Really? That would explain Virgin's steadfast absence of IPv6 peering addresses then!

    http://www.peeringdb.com/view.php?asn=5089

    Compared to say BT

    http://www.peeringdb.com/view.php?asn=2856

  39. Number6

    Keep up at the back

    I wondered about how to do IPv6 some time back. It turns out to be relatively easy to implement a basic configuration that works, but you need to give some thought to the firewall/router configuration because you don't really want anything out there in IPv6-land to be able to access any port on anything on your local network.

    Getting your local stuff to work is simply a matter of having a Linux box on your system running a configured radvd, then you'll be surprised how much of what you've already got will suddenly start using IPv6 on your internal network. Windows XP and above, OS X and Linux all just work, as do Android phones (can't comment on iPhones, not got one). Some network-connected printers will also do IPv6, along with a sprinkling of other devices.

    Hooking that lot up to an external network needs a suitable router that will preferably block all incoming stuff by default (just as a NAT router does for IPv4) and either an ISP that understands IPv6, of which there are a few, or you can set up the router (or other machine) as an IPv6 endpoint to a tunnel to a service that will send you IPv6 packets over IPv4. I have a combination of both the ISP and the tunnel on my networks. Again, check what the outside world can access, there are a few IPv6 scanners out there that will probe machines on your network for you.
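
The check the comment above recommends ("check what the outside world can access") can start on the host itself. This added example, which is not part of the thread, classifies IPv6 listeners from `ss -6 -tuln` style output and reports those bound to a wildcard or global address, which are the ones a router's default-deny inbound rule has to cover once there is no NAT in front of them. The sample lines, addresses and function names are constructed for the illustration.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")  # unique local addresses

# Constructed sample in the column layout of `ss -6 -tuln`.
# 2001:db8::/32 is the documentation prefix, standing in for a global address.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q            Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128                        [::]:22            [::]:*
tcp   LISTEN 0      128                       [::1]:631           [::]:*
udp   UNCONN 0      0     [fe80::1c2:3ff:fe04:5%eth0]:546         [::]:*
tcp   LISTEN 0      511    [2001:db8:4321:abcd::10]:8080          [::]:*
tcp   LISTEN 0      64    [fd12:3456:789a:ab2a::11]:445           [::]:*
udp   UNCONN 0      0                             *:5353             *:*
"""


def scope_of(local_addr):
    """Return wildcard, loopback, link-local, ula or global for a bind address."""
    host = local_addr.strip("[]").split("%", 1)[0]  # drop brackets and zone id
    if host == "*":
        return "wildcard"
    ip = ipaddress.IPv6Address(host)
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in ULA:
        return "ula"
    return "global"


def exposed_listeners(ss_output):
    """List (proto, port, scope) for sockets reachable from beyond the local link.

    Loopback, link-local and ULA binds are skipped: they are not routed on the
    public IPv6 internet. Wildcard binds accept on every address the host has,
    including any global one, so they are reported.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        scope = scope_of(addr)
        if scope in ("wildcard", "global"):
            findings.append((fields[0], int(port), scope))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, scope in exposed_listeners(SAMPLE_SS):
        print(f"{proto}/{port} bound to {scope} address: needs a firewall decision")
```
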

  40. Trevor_Pott Gold badge

    ""Unfortunately it's a little bit late," he warned. "We thought the world would act in a grown up way, but well...""

    Funny, I've been saying that the world wouldn't for a decade already, and that the failure to grok this - and appropriately plan for it - is why I consider IPv6 and all those who dreamt it up a laughable failure. Just because it works on an ivory tower drawing board doesn't mean it works where dollars must leave the wallet.

    But no, they called me crazy. Well fuck them.

    1. Anonymous Coward

      Well, the problem is not really IPv6 itself, it's that IPv4 is so deeply entrenched.

      It's the same problem that Microsoft has with Windows XP. People are so used to it that they refuse to ditch it now the time has come.

      I'll agree, the address format is hideous, but you get used to it. If you're used to CIDRs in IPv4, IPv6 isn't much different.

      If you were setting up a dual-stack network with the prefix 2001:db8:4321:abcd::/64 for IPv6 and 192.168.32.0/24 for IPv4, you could number machines on v6 2001:db8:4321:abcd:192:168:32:1, 2001:db8:4321:abcd:192:168:32:2 … etc.

      The hardest bit is remembering the prefix then. Not sure about you, but I can rattle off two Windows 95 OEM keys off-by-heart, due to the simple need to re-install it when things went pear shaped: and I haven't touched Windows 95 in years! At first I had trouble remembering my IPv6 prefix, but I'm finding now I can remember it as well after a bit of usage.

      The office network here has a number of VLANs: we use a slice of the 10.0.0.0/8 address space for IPv4, and a fd00::/8 address for IPv6: I encode the VLAN ID in the 3rd octet for IPv4, and in the last 8-bits of the prefix for IPv6. The rest of the v6 address is the last octet of the v4 address expressed in hex.

      I tend to encode things in unused bits as a helpful mnemonic, so say I had two sites in a larger organisation that was given a /56, one in Brisbane the other in Sydney, I might encode the last 16-bits as being: 0x42 0x{VLAN} for the Brisbane office (0x42 == ASCII 'B'), and 0x53 0x{VLAN} for the Sydney office (0x53 == ASCII 'S').

      It's a different matter for IPv6 automatic addressing, yes, those addresses encode your MAC address (or some random number), and yes, they're ugly. Multicast DNS (Bonjour to you Apple people, Avahi if you run Linux) is your friend here: then you just need to remember hostname.local.

      I'm not sure what the alternative is though: 128 bits is quite a lot to represent, even 64-bits would be a lot: you could dot it in a "dotted-quad" using words rather than octets, but it'd still be awkward. You could use 8 groups of 5 digits, but it'd still be long.

      Then again, how often have you seen a non-technical user enter an IP address for an external site? I know some who don't even enter URLs.

      Programming wise: the effort needed in my experience has been minimal. UDP networking is where it's most noticeable, I think it took me 5 minutes to get something working. This was communicating with 3G power meters via NAT64. About the only thing that's missing from IPv4 that I know of is broadcast messaging: multicast can do the same things and more.

      As for what others are asking for: an alternative… if it's taken this long to get IPv4 ready in contemporary operating systems, just how long would such an alternative take? Do we have time to devise, implement, test and roll-out such a replacement before crunch time? Would it look any better, given the issues faced?
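
The two numbering schemes described in the comment above, worked through with Python's `ipaddress` module as an added example (not code from the thread): the IPv4 octets reused as hex groups under the poster's 2001:db8:4321:abcd::/64 prefix, and the VLAN ID carried in both address families. The 10.20.0.0/16 and fd12:3456:789a:ab00::/56 bases, the function names and the reverse lookup are assumptions made for the illustration.

```python
import ipaddress

LOW64 = (1 << 64) - 1


def embed_dotted(prefix6, addr4):
    """Scheme 1: reuse the IPv4 decimal octets as the four low hex groups."""
    net = ipaddress.IPv6Network(prefix6)
    if net.prefixlen != 64:
        raise ValueError("need a /64 so the low 64 bits are free")
    iid = 0
    for octet in str(ipaddress.IPv4Address(addr4)).split("."):
        # "192" is stored as 0x0192: the text matches, the numeric value does not.
        iid = (iid << 16) | int(octet, 16)
    return net[iid]


def recover_dotted(addr6):
    """Reverse of scheme 1, e.g. to tie an IPv6 log entry back to the IPv4 host.

    Raises ValueError for addresses that cannot have been numbered this way,
    such as MAC-derived automatic addresses.
    """
    iid = int(ipaddress.IPv6Address(addr6)) & LOW64
    groups = [format((iid >> shift) & 0xFFFF, "x") for shift in (48, 32, 16, 0)]
    # int(g, 10) rejects hex letters; IPv4Address rejects octets above 255.
    return ipaddress.IPv4Address(".".join(str(int(g, 10)) for g in groups))


def vlan_pair(base4, base6, vlan, host):
    """Scheme 2: VLAN ID in IPv4 octet 3 and in the last 8 bits of the /64
    prefix; the IPv6 interface ID is the last IPv4 octet.

    base4 is an assumed /16 slice of 10.0.0.0/8, base6 an assumed ULA /56.
    One octet holds the VLAN ID, so only IDs 1-255 fit this plan.
    """
    n4 = ipaddress.IPv4Network(base4)
    n6 = ipaddress.IPv6Network(base6)
    if n4.prefixlen != 16 or n6.prefixlen != 56:
        raise ValueError("expected an IPv4 /16 and an IPv6 /56")
    if not (1 <= vlan <= 255 and 1 <= host <= 254):
        raise ValueError("vlan must be 1-255 and host 1-254")
    return n4[(vlan << 8) | host], n6[(vlan << 64) | host]


if __name__ == "__main__":
    prefix = "2001:db8:4321:abcd::/64"
    for host in ("192.168.32.1", "192.168.32.2"):
        print(host, "->", embed_dotted(prefix, host))
    print(recover_dotted("2001:db8:4321:abcd:192:168:32:1"))
    # Constructed bases: VLAN 42 (0x2a), host 17 (0x11)
    v4, v6 = vlan_pair("10.20.0.0/16", "fd12:3456:789a:ab00::/56", 42, 17)
    print(v4, v6)
```
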

      1. Charles 9 Silver badge

        "Then again, how often have you seen a non-technical user enter an IP address for an external site? I know some who don't even enter URLs."

        Online gamers. Most small-time servers ONLY have IPs.

        1. Anonymous Coward

          Online gamers. Most small-time servers ONLY have IPs.

          Good point. If you've only got one or two users it hardly makes sense to use a host name, and an in-game interface often makes copy & paste impractical.

          Thankfully there are free services that can provide a host name (yi.org is one I use because it supports AAAA records and is nice and short), so it's not a hard problem to solve.

          Where gamers might find things a lot easier though, is when wanting to run a games server, they just need to tell their router to permit traffic to their system's IP via a specific port rather than having to tell the router to DNAT the traffic: a UPNP-like system may do this for them making it more-or-less seamless.

  41. Sleepy Bob

    Lol

    [pi@dns0 ~]$ nslookup -type=AAAA www.theregister.com

    Server: 192.168.123.22

    Address: 192.168.123.22#53

    Non-authoritative answer:

    *** Can't find www.theregister.com: No answer

    [pi@dns0 ~]$ ping6 www.theregister.com

    unknown host

    1. diodesign (Written by Reg staff) Silver badge

      Re: Lol

      tl;dr: We don't use IPv6. Blame us for the death of IoT, if you wish.

      C.

      1. TRT Silver badge

        Re: Lol

        Praise you!
