Why you shouldn't worry about IPv6 just yet
Posted on 18 Aug 2010 at 15:23
It may save the world from networking Armageddon, but Steve Cassidy says we shouldn't be too concerned about IPv6 just yet
Routers permit a condition whereby my private address range may perfectly legally be the same as yours, because they’re hidden from each other by my router (and yours).
Now to listen to IPv6 zealots, this is an appalling and terrifying state of affairs, and the true state of grace will come about only once every single device on the internet has a globally reachable unique IP address.
In fact, IPv6 starts to look a lot like IPv2 if you consider that the default v6 address for your machine finishes with its MAC address.
Desktop users may not see a MAC very often, although it can frequently be read from a sticker on the bottom of your laptop. This can come in very handy when attempting to secure your Wi-Fi network (it’s that sequence of eight hexadecimal pairs on the Wi-Fi sticker).
Worth paying attention
Even though various sage experts will advise you not to turn off IPv6 in Windows 7; even though internally Microsoft itself has “done” IPv6 and its roaming users have a configuration whereby IPv6 packets are dressed up in IPv4 drag to tunnel across the intervening internet before popping up at home; even though curiosities such as the 6bone are long gone, and other protocols and workarounds seem able to stretch out IPv4’s career indefinitely; even with all such omens and indicators that this whole topic is strictly something that only vast corporations, ISPs and global router engineers need worry about; despite all this it pays to keep track of what can often seem like the non-developments in this field.
Some odd combinations, such as Exchange 2007 running on Windows Server 2008, absolutely require IPv6 to be present even if it remains unused.
Other tricks, such as the awkward hiding of the DNS domain suffix search list, remain unchanged for IPv6 in Windows, even though the IPv6 documentation treats human-readable DNS names as if they were some kind of decadent frippery invented to pander to the weak of will and short of sight (yes, these guys really do expect us to manipulate hex pair addresses in sets of 16, even if the equivalent of the IPv4 address “127.0.0.1” in IPv6 is actually “::1”).
Is there an IPv6 “killer app” yet for smaller networks? No. Is there any reason based on security or ease of management – unless you’re running a 100,000-seat network or a national-level ISP – for you to move up to it? No.
Should you start to do a bit of reading about it? That’s about the stage we’re truly at, and the answer to that one is: yes.
eeek
First of all - using your MAC address for wifi security?!! ouch the MAC is always available to anyone listening so it's easy to grab and use as a "first guess" for wifi.
Secondly - the MS technology for "hauling ipv6" over the internet allows for remote access using DirectAccess which is about the only valid use for IPv6 I can see at the moment (we use it too and it's excellent)
Ben
By bibble on 18 Aug 2010
It's all in the "attempt"
I didn't say *secure*, I said "attempt to secure". I consider Wireless security an oxymoron in the first place.
By Steve_Cassidy on 18 Aug 2010
If you telnet to towel.blinkenlights.nl then you are greeted with the following message - this should be reason enough to move surely?
"The IPv6 version has extra scenes and extra color support. So if you want to experience ascii starwars to it's fullest you really should get IPv6. www.sixxs.net or another IPv6 tunnel broker may help getting IPv6 to your computer.
Good Luck,"
By rlsdaveas2000 on 18 Aug 2010
Humbly disagree
I disagree with zealotry, in either direction. Those screaming that everyone must run IPv6 now should be disregarded ... but so should those advocating ignorance.
IPv6 will become an increasingly relevant topic to all network engineers, and in fact I'd argue we are finishing up the slow-start side of the equation and quickly approaching a period of strong activity in the IPv6 space.
Nits, in no particular order:
* You will usually find that IPv6 people are very pro-DNS.
* NAT does break things, and the problems it creates are not really "paid for" by those deploying the NAT devices. This is not an ideal situation, but NAT does serve a valid purpose.
* IPv4 address exhaustion has been a concern at many points in our Internet, and Yes, temporary fixes have been implemented (VLSM, NAT and DHCP all played a part!) - but we are approaching the end of those band-aids. The real solution, IPv6, is deployable today for most environments, and the last 10% of problems should be worked out NLT end of 2011. That means it should be in peoples' budgeting processes now'ish, especially for the slow-moving organizations out there ...
* MAC addresses are 48bits ... 6 pairs of Hex digits (each Hex digit is 4 bits).
* Google and Comcast are doing great things towards real-world, "at volume" IPv6 deployments, followed by Cisco, Netflix, Facebook, and others. It "is real".
... I could go on, but this isn't supposed to be a book ... Regards!
/TJ
PS - Disclaimer: IPv6 is what I do, so you may think me biased towards it ... and you'd be right, but please note: I do IPv6 because I believe it to be *the* answer for the long term scalability of the Internet, not vice-versa.
By trejrco on 18 Aug 2010
Blap - wrong answer
The problem here is that you do have one IP address, the one your router uses in the public internet. Your ISP assigns you that address. It gets it from something called a RIR, RIPE if you are in the UK. The problem is that RIRs are running out of IPv4 addresses to give to ISPs. In about 2 years, we'll be out, and that prediction, which is based on actual use statistics, has been remarkably stable for quite some time.
There is a gigantic hack that will stave off the problem for a short time: instead of giving you a one real public address for your router, your ISP may deploy a giant NAT box and give you a private address. That only works for a while because we'll run out of "ports" on the remaining public addresses pretty quickly, but it will let you keep going for a while.
After that, your ISP will start only supplying IPv6 addresses.
Now, you might be able to get your router to do "4 in 6" which means your systems inside your home net remain IPv4 addressed and the router converts to IPv6 towards the Internet, but we are, in fact, running out of IPv4 addresses for real.
By brtech on 18 Aug 2010
Charmed, I'm sure
Thanks for that, BRTech... I'll take that as a case of "violent agreement" to the main article as printed (this is a precis) - it's time for people to undertake some research, because under some limited circumstances, with some ISPs, or certain configurations, on new connections... maybe... what you say will come to pass. There are countervailing factors - especially the current fad and pressure towards traffic shaping and the attendant contractual squeezing. I'm sure from other places in the architecture - Tier 1 and Tier 2 especially - it all looks quite different. I wasn't addressing those readerships.
By Steve_Cassidy on 18 Aug 2010
IPv6 is important today. I do agree that there is considerable hype that has left people feeling disillusioned with regard to IPv6. The current exhaustion calendars from HE.net and iNetCore only say when IANA is expected to run out of IPv4 addresses (285 days, May 30, 2011). The RIRs will have approximately 18 months of allocations remaining when IANA hands out their last blocks. Most ISPs should have another six months of addresses on hand after their RIR has depleted their allocations. Realistically we will have > 1000 days from today. The problem is that IPv4 isn't going anywhere for years. We will have dual-stack networks, and the two addressing schemes will exist side-by-side. We don't need or want a killer app. If we wait until there is a killer app, and everyone floods from IPv4 to IPv6 en masse then there will be some significant destabilization in routing tables as they rapidly change. We already see some hits on performance related to rapid changes in the IPv6 routing tables. The point is that we NEED to implement IPv6 when we aren't under the gun to get it done. If we had to implement tomorrow, we would be in big trouble. There are some vendors who have great IPv6 support, and yet others barely have it on their radar. RIM is a great example of a company who need to get their act together. LTE and 4G rely on IP for voice and data. They are pure IP devices, and they will require IPv6. Verizon has already stated that they will require IPv6 for any LTE devices on their network. As it stands, RIM does not have IPv6 support in their devices or management platform. In fact you have to jump through hoops to kill IPv6 on the Windows Server 2008 box if you want to install the BES. It won't do just to uncheck the IPv6 box in the network properties.
Another point is the fact that each of the bandaids introduced to deal with address depletion has some impact. The up side has always outweighed the downside. In 1993 the IETF published RFC 1519. Right in the problem statement they state that CIDR was a short term solution designed to defer the onset of the problem of 32-bit address exhaustion. Carrier NAT is just the latest bandaid to defer the onset of the problem of 32-bit address depletion.
Another point is that the IPv4 and IPv6 worlds will be accessible via tunnel brokers. The problem there is the introduction of high transit delay (up to 150ms) for the tunneling process. New services might not have the option of deploying on IPv4. If those services are interactive, high delay could kill the experience for many users.
I could go on and on, but I won't. Act today so that you have the luxury of time for planning on your side.
By testoftime on 18 Aug 2010
Again, thanks: that's a top level comment in response to a bottom-level article. While there are wider precedents for sudden shock changes to consumer marketplaces (the obsoleting of non-DAB radios springs to mind!) all the estimates here are considerably extended: by which I mean: not in this year's budget. It would be really great to corral all these responses in a more readable format or summary!
By Steve_Cassidy on 18 Aug 2010
Impact on end users
You are right that there have been varying predictions about when the world will run out of IPv4 addresses for many years. Because of band-aids and work-arounds we have been able to postpone that moment for many years. The supply of IPv4 addresses is now so small that the predictions are becoming more and more accurate. In the beginning of 2011 the global pool (IANA) will be empty. By the end of 2011 or the beginning of 2012 the regional pool (RIPE NCC in our case) will be empty. A few months after that the ISPs will run out of unused addresses. Until this point most end users won't see any problems.
When an ISP runs out of unused addresses they won't be able to grow anymore. At least not in the way everybody is used to. To connect new users some kind of address-sharing has to be implemented. There are not enough IPv4 addresses to give everyone a unique address. Then it will start to hurt the end users. Without your own unique address, applications like VPN connections, Skype, Bittorrent can't function anymore. Access controls based on IPv4 addresses won't be reliable (or usable) anymore.
Imagine being at home and not being able to open a VPN connection to the office. Imagine being the responsible sysadmin at the office. Imagine having bought software or equipment that doesn't work anymore because of this.
If you pay a bit more you might be able to get your own IPv4 address from your ISP. Are you willing to pay extra for all internet connections (office + employees)? What happens when employees need to connect from locations that don't have their own IPv4 address?
So I don't agree that end-users are not affected in the near future. Certain applications will have problems in a year and a half. Home users might have some problems with that. Small businesses might have some larger problems if they are not prepared...
No reason to panic just yet, but it's also not a good idea to ignore the whole issue.
By SanderSteffann on 18 Aug 2010
Lateral Drinking
I can think of "inelegant" fixes to those scenarios, which may not satisfy IP purists but certainly will tick the box for the end user (and here I mean both company & private users): things like MPLS are a good case in point - implemented by ISPs and widely criticised - but achievable. Home ISP users can use another pair or a 3G link for V6 VPN tunnels. There's lots of non-IP ways around the singularity, and the "routing vs shouting" argument keeps on being devalued (sorry, but it does) by some curious gaps in communication between the heavy metal crew (that's you lot) and the end users (that's my readers). Those gaps in communication are worthy of a whole field of study in and of themselves - but that's about humans, not about networks!
By Steve_Cassidy on 19 Aug 2010
Inelegant "fixes" only cause problems
We've seen time and time again that hacky solutions only cause further problems and heartache. NAT is and always will be a problem that causes system and network administrators to pull their hair out wondering why, oh why, they couldn't just have more public IP space... The IETF recently (meeting 74/75?) had a demonstration at one of their technical plenaries showing how the carrier grade NAT solution breaks a lot of apps that just work today behind traditional NAT. I believe it was Comcast/Google/Apple and a couple of others that headed the discussion panel and they all seemed to agree that carrier grade NAT was a horrible thing. ICE is one IETF solution to a particular problem caused by NAT and it doesn't even work in all cases... sometimes things will just fail. Your argument about having to deal with 16 octets has some truth to it, but really?? Is avoiding a longer IP address your argument for injecting even more bad solutions into networks worldwide? DNS is of course the solution to having to deal with 16 octet addresses on a daily basis. I really didn't understand your argument as to why DNS doesn't solve this problem as your description was quite vague.
If you are a network administrator today and you don't understand IPv6, you are already behind the times. Governments and companies all across the world have either already started migrating to IPv6 or have plans to do so in the near future. Those plans can only be formulated and carried out by engineers that already have a good working knowledge of how IPv6 works. Network engineers that want to find themselves employed in this less than optimal economy had better understand IPv6 and the associated transition mechanisms.
By ConcernedNetizen on 19 Aug 2010
Inelegant "fixes" only cause problems
We've seen time and time again that hacky solutions only cause further problems and heartache. NAT is and always will be a problem that causes system and network administrators to pull their hair out wondering why, oh why, they couldn't just have more public IP space... The IETF recently (meeting 74/75?) had a demonstration at one of their technical plenaries showing how the carrier grade NAT solution breaks a lot of apps that just work today behind traditional NAT. I believe it was Comcast/Google/Apple and a couple of others that headed the discussion panel and they all seemed to agree that carrier grade NAT was a horrible thing. ICE is one IETF solution to a particular problem caused by NAT and it doesn't even work in all cases... sometimes things will just fail. Your argument about having to deal with 16 octets has some truth to it, but really?? Is avoiding a longer IP address your argument for injecting even more bad solutions into networks worldwide? DNS is of course the solution to having to deal with 16 octet addresses on a daily basis. I really didn't understand your argument as to why DNS doesn't solve this problem as your description was quite vague.
If you are a network administrator today and you don't understand IPv6, you are already behind the times. Governments and companies all across the world have either already started migrating to IPv6 or have plans to do so in the near future. Those plans can only be formulated and carried out by engineers that already have a good working knowledge of how IPv6 works. Network engineers that want to find themselves employed in this less than optimal economy had better understand IPv6 and the associated transition mechanisms.
By ConcernedNetizen on 19 Aug 2010
Why parallel networks?
I can't quite see why we would end up with parallel networks for a long time. Surely it would be easier for the big ISPs to run just a single network, and once they start with IPv6 they will, over the course of a couple of years, move everyone to it.
They can't provide a limited experience to the net for those on ipv6 so will have to introduce some ipv4 to 6 conversion thing, at which point there's no need to support ipv4 anymore.
Also, I wonder if big players, like BT, can say "We're switching to ipv6 on day X. Prepare" and if they did, who it would affect other than direct BT customers?
Is my reasoning wrong?
By RichardFletcher on 19 Aug 2010
For ConcernedNetizen
Let me take a Devil's Advocate position here. 1) Debating the future of IP topologies in a minimally capable, small-audience comment stream with almost no edit capability is pretty much the definition of "inelegant", as your double-post demonstrates: and yet, you did it, in order to argue against taking steps like it. Waiting for Elegance probably should be the title of the definitive stage-play about sidelined techies - and I speak here as a long term sufferer from The Cambridge Delusion - there are still graduates leaving that university whose every networking conversation starts with "of course, Token Ring is clearly more elegant..." - to them, the fact that everyone else on the planet went and did nasty old Ethernet is a mortal sin from which mankind may never recover. Personally, I take a lesson from the evolutionary biologists - no matter how much you might think you can benefit from Intelligent Design, evolutionary forces will always catch you on the hop. For all those reasons - none of which at all are technical - I tend to believe that viewpoints like yours are doomed to irrelevance (which, to sugar the pill a bit, is emphatically not the same as failure)
By Steve_Cassidy on 19 Aug 2010
@RichardFletcher
One thing to remember is, a lot of routers don't support IPv6, so will ignore traffic. Those will need to be upgraded.
Older operating systems don't support IPv6, and a lot of those run legacy software, which means that they can't be upgraded.
That will mean, that those devices and local networks which can switch, will be switched, which means those on devices which can't support IPv6 will not have such a problem getting IPv4 addresses from their ISPs.
Over the long haul, most of the devices on the Internet will have to be upgraded to IPv6. But, like Windows XP, IPv4 is going to be around much longer than it was intended or needed to be, if the designers had done their homework in the first place.
By big_D on 20 Aug 2010
Half right... (but remember the web site!)
Steve - You're correct that for the average network manager, IPv6 is likely a non-event for some time. There's no particular reason to upgrade your internal infrastructure to IPv6, unless you run across an application that requires it.
However, the public Internet is going to IPv6; the principal reason it hasn't happened (despite IPv6 being standard and available since 1999) is that the problem solved by IPv6 is running out of globally unique IPv4 addresses, and that's only happening next year. Look at the work being done by Global Crossing, NTT, Verizon, Google, Comcast, Facebook and others and you'll see that this is not a fad, it's a significant change that's going to happen slowly over the next few years.
For this reason, the typical network manager does need to look at the external servers (those outside the wonderful NAT) and decide when they'll add IPv6 addresses to those servers that are IPv4-only today. Why bother adding IPv6? It's simple: new broadband customers globally are going to start being connected via IPv6 (out of necessity) and if you want the same end-to-end connectivity you enjoy today, adding IPv6 to your public servers is the quickest route. The alternative is accessing via central carrier-sized NAT devices, which really have unknown performance at scale.
This has audio/video streaming, games, geolocation and other implications.
/John
John Curran
President and CEO
ARIN
By jcurranarin on 20 Aug 2010
The Horses Mouth Award...
Goes to Mr Curran. The only point I would make is that at least in the UK, I don't see anything like as many DMZ (or other non-NAT) servers in the small to medium business world, as I hear about in the US. Generally I'd say that external facing services for the general public (as distinct from extranets) are done on a hosting centre platform, not as an adjunct to an internal LAN. However, I have been of the view for a long time that this choice could well swing back into an in-house preference as net link speeds increase for the end-customer. Looking at your figures for how long V4 has left, I'll stick by my headline (saved by the word "just"!): We fully intend to ramp up our coverage of ipV6 as inevitability creeps closer. And if it's OK with you, we will be in touch!
By Steve_Cassidy on 20 Aug 2010
aster than Mexicans buy lottery tickets
Really? I stopped reading after that.
By VanillaCoke on 26 Aug 2010
Steve Cassidy
Steve is a networks expert and a contributing editor to PC Pro for more years than he cares to remember. He mixes network technologies, particularly wide-area communications and thin-client computing, with human resources consultancy.

