Forgot your password?
typodupeerror
The Internet

What About IPv6? How Long Until Widespread Deployment? 407

Posted by Cliff
from the don't-hold-your-breath dept.
Christopher Blood asks: "Over at the register, they talk about the EU adopting IPv6. So what about the USA? When do we get it? IPv6 would solve some and DOS problems and we will need the extra address space. What's the holdup?" While IPv6 may be the cure for all of our IPv4 ills, upgrading the whole internet to the new technology isn't going to happen over night. What has been done to prepare for the jump, and what still needs to happen before it can become a reality?
This discussion has been archived. No new comments can be posted.

What About IPv6? How Long Until Widespread Deployment?

Comments Filter:
  • by Moridineas (213502) on Thursday February 28, 2002 @05:25PM (#3087181) Journal
    At my university [duke.edu], IPv6 has been deployed since last year, maybe longer. I've been running FreeBSD w/ IPV6 for at least that long. Honestly, it hasn't made that big a difference for me :)
    • by luge (4808)
      Duke has had IPv6 available on resnet since at least some time during the '99-'00 academic year, so at least two and nearly three years. You just had to know who to ask to get an IP address :)
  • Backbone (Score:3, Interesting)

    by crumbz (41803) <<remove_spam>jus ... > g m a i l .com> on Thursday February 28, 2002 @05:26PM (#3087192) Homepage
    Given that Lucent's CEO said today that he does not see the telecom equipment market turning around anytime soon, a government initiative to upgrade the core routers to IPv6 would help boost the battered sector of the economy. Granted, Lucent shot themselves in the foot last year (several times) and upgrade to IPv6 might just result in a higher volume of spam.....
  • Newbie question.. (Score:2, Informative)

    by zapfie (560589)
    Is IPv6 backwards compatible with IPv4?
    • by ColdGrits (204506)
      Yup.

      As in IPv4 addresses are just a subset of IPv6, so any IPv4-based stuff will still work in an IPv6 network no problem.

      Not true the other way round, but then that doesn't matter :)

      So yes, they could upgrade the entire Internet backbones etc to IPv6 (and *should* do so asap) and all old IPv4 traffic will carry on as normal.

      • There is alot of code based on IPv4 functions - upgrading all the programs to use IPv6 would be a mammoth task... hey, maybe there will be some jobs opening up in Socket Programming soon?
        • For _most_ network-aware applications, the only thing different is the address format. Once you have the connected socket, the rest of the network code should remain unchanged.

          It's the (non-socket-related) code to handle e.g. address parsing which has to change.
          • by Codifex Maximus (639) on Thursday February 28, 2002 @05:48PM (#3087361) Homepage
            > For _most_ network-aware applications, the only
            > thing different is the address format. Once you
            > have the connected socket, the rest of the network
            > code should remain unchanged.

            So, essentially what you're saying is: After you get past all the things that are different then the rest is the same?

            Ok, I'll buy that.
            • Yes.. although now that you made me sit down and think about it, a lot of stuff cares about addresses once you have a socket (getsockname, getpeername, send, recv, etc...).
  • When? (Score:3, Insightful)

    by Anonymous Coward on Thursday February 28, 2002 @05:28PM (#3087203)
    I guess not in close future. When free IPV4 addresses run out, large address blocks reserved to big companies etc become very valuable. So, if you want addresses which work 100% of the time, you'll have to cough up money for the companies to get them. It will be that simple. Really.
    • Re:When? (Score:4, Insightful)

      by furiousgeorge (30912) on Thursday February 28, 2002 @05:35PM (#3087273)
      true. but if you're not located next door to said company, the main trunk routing tables become ridiculous.

      Remember --- M.I.T. has more assigned IP addresses than ALL OF CHINA.

      It's not north america thats going to drive IPv6, it's Europe and Asia where they're already starting to feel the address squeeze.
      • Is that still true? Last I read they gave a large portion of their address space back.... For all I know they could have kept a coupple million though.
        • Re:When? (Score:4, Informative)

          by noahm (4459) on Thursday February 28, 2002 @06:15PM (#3087557) Homepage Journal
          Is that still true? Last I read they gave a large portion of their address space back.... For all I know they could have kept a coupple million though.

          No, it was Stanford that gave up their class A. What were they thinking? MIT still has ungodly amounts of address space. We have net 18 (18.0.0.0/8), plus random assorted /16s (128.52, for example, is the AI lab). There are a couple others.

          The thing is, though, there's a whole lot of "reserved" address space out there. The IPv4 address space shortage is partially artificial. In some ways this is to preven the world from grinding to a screeching halt where there really are no more IPv4 addresses. Another is that maybe it will put pressure on people to be conservative with address allocation, which might make the shortage less pressing. Maybe it will also help to speed the deployment of IPv6.

          Most OS vendors are already supportind IPv6 out of the box. WinXP, for example, can be set up as an autoconfiguring IPv6 host very easily (ipv6/install at a command prompt, IIRC). The BSDs support it very well, as do many Linux vendors. I think that it won't be long until IPv6 communication on the internet is very widespread. I don't, however, think the whole internet will be IPv6 any time soon.

          noah

      • Re:When? (Score:2, Interesting)

        by 4mn0t1337 (446316)
        Remember --- M.I.T. has more assigned IP addresses than ALL OF CHINA.

        Good! There are already enough spam relays in China (and very few that I am aware of at MIT).

        We should make a deal that China doesn't get anymore IPs until they deal with all the spam coming from there. That and finish their dinner...

      • Re:When? (Score:4, Funny)

        by Cardhore (216574) on Thursday February 28, 2002 @08:06PM (#3088043) Homepage Journal
        That's because China only needs on IP for its firewall.
  • by kronin (413035) on Thursday February 28, 2002 @05:28PM (#3087204)
    I would like to know how close the backbone through the US is to being IPv6 ready. Anyone that knows care to respond?
    • by Raindeer (104129) on Thursday February 28, 2002 @06:22PM (#3087606) Homepage Journal
      Japan and Korea are leading, together with some other countries in the Asia/Pacific region (APNIC-countries). Second is Europe (RIPE-countries). Third is the United States and its neighbours.(ARIN-countries), though the United States is second as a nation.

      The reason I name the RIR's is that I base this on the amount of IPv6 space assigned. See:
      http://www.ripe.net/ripe/meetings/archive/ri pe-41/ presentations/plenary-globalrir-stats/sld011.html
      http://www.ripe.net/ripe/meetings/archive/ripe-41 / presentations/plenary-globalrir-stats/sld012.html
      and here for the up to date list of all assignments:
      http://www.ripe.net/ripencc/mem-serv ices/registrat ion/ipv6/ipv6allocs.html

      Furthermore you might find it interesting that in the RIPE-area, the RIPE community has decided that all Local Internet Registries can apply for a /32, which should suffice for all of them :-)
      You can find that policy here:
      http://www.ripe.net/ripe/mail-archives/ipv6 -wg/200 20101-20020401/msg00093.html
  • roadrunner (Score:2, Interesting)

    by Maditude (473526)
    I emailed RR a while back about their plans for IPv6, and despite several back-and-forth email exchanges, never did find anyone who had even HEARD of IPv6, much less get details on their rollout plans for it. Doesn't look too promising for cable-modem users.
  • When do we get it? (Score:4, Insightful)

    by nublord (88026) on Thursday February 28, 2002 @05:31PM (#3087227)
    When do we get it?

    When corporate America determines they can make a profit from it.

    • by sabinm (447146)
      More right than not. Why in the world would corp ISP want to give you a static IPv6 when that is a constant bandwidth tap?

      Joe Public will never "own" ip addresses again. That was made evident after the "great subnet rush" of the ninties.

      Having IPv6 addresses mean that anyone can have as many as they want if given away for free-
      until there is a way to consistently and legally charge for "per seat" usage for internet bandwidth, with crimial reprocussions (can you say DMCA) corporations will not adopt a standard which basically says, "a static and public IP address is worthless as a marketable commodity".
  • by sphealey (2855) on Thursday February 28, 2002 @05:31PM (#3087228)
    There are two factors holding IPV6 back: lack of concensus from those that make the decisions in the networking world that IPV6 solves any problems that need to be solved at anything like a reasonable cost. And lack of push from Cisco for implementation. There are thousands of other facets to the discussion, but let's face it: if Cisco had said a year ago that "oh, IOS 12.x now supports IPV6 and we think you should start using it" the world would have fallen in line. They haven't, which makes you wonder what they know that we don't. The story is that "customers aren't demanding it yet", but that didn't stop them from introducing the router when no one was demanding them, did it?

    sPh

    • Cisco road map [cisco.com] (pdf) for implementation of IPv6 in IOS.

      The same in html [google.com] from Google.

      They say that by/in 2002 (hey thats now) they will have completed implementation of all IPv6 functions in the routers.

    • Whatever Cisco decides, it will be the consensus in the networking world. What they know that we don't is that they are in deep financial trouble. Their worldwide employee layoff figures last year were in the five-figures range. Their troubles started when they implemented a sophisticated market analysis system that predicted increasing router sales throughout 2001. That software was so "advanced" that they refused to believe their sales people when they started telling management that they couldn't possibly sell so many routers.
    • They already have. (Score:2, Informative)

      by qaggaz (148579)
      Cisco released IPv6 IOS images back in June with IOS 12.2(2)T. Note that this was the first commerical release, there was a earlier EFT release about for quite some time that served as a beta. The major features are there: IPv6 routing, support for stateless autoconfig, IPv6 address family support in MBGP, support for RIPng. No other routing protocols yet.

      You can check out Cisco's IPv6 page [cisco.com] for more information.

      Juniper also has IPv6 available, here how to configure IPv6 on JUNOS 5.1 [juniper.net].
    • In my case, there's only one thing holding back IPv6: my ISP doesn't support it. IPv6 is already completely integrated into my OS (FreeBSD), and effortless to set up. But it's useless until my ISP switches over.
    • by isdnip (49656) on Friday March 01, 2002 @12:02AM (#3088739)
      Cisco knows that IPv6 is a lose; they have to support it, but don't have to push it hard.

      IPv6 is a bad job, period. Most Slashdotters probably don't know its provenance. It has been around for about a decade. IETF created it as a compromise. IETF insider Steve Deering had created a poor-quality hack called SIP (Steve's IP) while insider Paul Francis (aka Tsuchiya) created one called PIP (Paul's IP). How bad? SIP, for instance, assigned all addresses by countries, based on population, and thus gave a shorter prefix to North Korea than to South Korea because it was a bit more populous in his almanac. IPv6 is PIP and SIP glommed together.

      Just before the time it was adopted, IETF had adopted a different replacement for IP, TUBA (which I think was also called IPv8). TUBA used a profile of the OSI Connectionless Network Protocol (CLNP). Cisco had already implemented it, along with CLNP's routing protocol, IS-IS. CLNP was elegant and flexible -- some of the OSI work stank, but CLNP and TP4 were gems. The only reason TUBA was dropped was because Vint Cerf, the Chauncey Gardner of the Internet (not really so smart, but he's famous for Being There), changed his vote and dropped TUBA support.

      Had Vint not been so perfidious, IPv8 would have been phased in before the public Internet boom of the mid-1990s. The code has been in Cisco and other vendor equipment for a decade.

      IPv6, on the other hand, has a wasteful 16-octet address field (only 8 octets are useful at a time) and does little else to solve IP's problems. It does NOT provide QoS (that's an urban legend) or security any better than IPv4 with its existing options. And given the inefficient assignment of IPv4 adresses in the past, the 32-bit field has a lot of life left.

      Think about VoIP: With IPv4, the header has 8 address octets, while the payload has to be short in order to minimize delay. And it's bloody inefficient. With IPv6, the header has 32 address octets while the payload is the same. It's a bleedin' joke! IPv6 is just plain wasteful.
  • It would cost mucho dinero to upgrade all the infrastructure to support it. But, IPv4 and IPv6 can coexist. The prob is that 50% of lan equipment isn't upgradable. Telcos wont want to float the bill, they'll pass the buck to you.

    Woot, most common excuse for downtime.... "upgrading."

    YAEUU: Yet Another Expensive Useless Upgrade
  • by nukey56 (455639) on Thursday February 28, 2002 @05:32PM (#3087241)
    IPv6 will fix a lot of problems, but one nasty side effect is that we're going to end up with addresses that look like 3ffe:400:34:fd01::1, instead of the easily memorizable four octets. When that day comes, it's going to be a lot harder to shout down the IP of the game server you're playing on down the hall.

    "Oh, I'm on three-f-f-e-four,four-zero-zero,three-four,f-d-zer o-one,not(?),one. What's taking you so long?!?"
  • by iPaul (559200) on Thursday February 28, 2002 @05:33PM (#3087244) Homepage

    IPV6 is better. Autoconfiguration, neighbor discovery, big address space, compatability with IPV4, etc. However, the more hacks we put in to make IPV4 work the harder it is to change. For the most part we're educating people to do "Stupid IPV4 Tricks" rather than moving to IPV6. The more of that we do the harder it is to change. Also, the more ominous the prospect of change, the more people will dread it.

    Frankly, I'm thinking we might see another round, like IPV7 (or IPV8 if they make a habit of skipping odd numbers), or it might come very late. Maybe we'll see it on phones and wireless devices before we see wide-spread adoption of IPV6 or general purpose networking.

    • IPV7 (or IPV8 if they make a habit of skipping odd numbers)

      Odd numbers are development numbers. Same thing with the minor version of the kernel. (2.1, 2.3,2.5 are dev versions).
      • Not really.
        IRC, IPv4 was the first publicly aviable and IP (as defined in RFC760).
        http://www.iana.org
        IPv5 was taken by the ST-II protocol, which was supposed to be the next Internet Protocol (at least in the eyes of its inventors). But it was based on connection-oriented routing. This lead to a great resitance in the internet community, which is generally opposed to the idea of connections and channels.
        It became experimental due to lack of support not by intend.

        Have a look at the Version-numbers [iana.org] as assigned by the IANA.

        For those to lazy to look it up.
        IPv7 is the "TP/IX: The Next Internet"
        IPv8 is "The P Internet Protocol"
        IPv9 is "TUBA"

        But some people [wide.ad.jp] are already joking that one will adopt an odd/even numbering scheme.
  • ISP incentive (Score:3, Redundant)

    by JDizzy (85499) on Thursday February 28, 2002 @05:34PM (#3087255) Homepage Journal
    A reward system needs to be enacted to entice the ISP's to provide unencumbered access to the 6-bone. ISP's that handle dial-up users can tunnel the ip4 traffic on behalf of their customers.
  • by popular (301484) on Thursday February 28, 2002 @05:38PM (#3087294) Homepage
    as soon as we USians switch to the metric system.
  • At the moment, IP VI is just a name to most network and systems administrators. My Linux boxes have VI support but I've never looked at it.

    When there's available information about where to get addresses, configuring routes, netmasks, gateways, setting up name services etc. All the admin stuff that's done on a daily basis with IP IV.

    At the moment nobody knows what they have to do in order to setup and use IP VI.

  • by Old time hacker (302793) on Thursday February 28, 2002 @05:43PM (#3087330)
    I think that IPv6 will take a significant amount of time to acheive widespread deployment in the US. Why? There are too many devices (cable/dsl router/firewall appliances) in use that don't support v6. While they may be flash upgradeable, I'm sure that the vendors would prefer to sell a new box which did support v6.

    I've thought about running v6 at home and connecting up to the 6bone. However, the list of instructions was long and complex, and it was unclear to me that my existing ipchains based firewall code would continue to protect me. It was also unclear that I could enhance the ipchains rules to protect myself.

    I quite like the idea of being able to expose multiple devices on different IP addresses, but it is (still) a non-trivial exercise.

    On a side note, I'd like to see more deployment of multicast -- this could help Internet Radio stations significantly in the future. Yes, there aren't good multicast clients at the moment, but that is because there is little multicast to listen to, and no way of getting multicast to the end user. Lobby your ISP for multicast!

    p.s. In case you think that I'm an idiot for not being able to configure IPv6 on Linux -- I'll tell you that I was kernel contributer in the pre-1.0 kernels.

  • OS vendors just need to start supporting it and network/system administrators need to start implementing it. For instance Solaris comes with the option of enabling IPV6 but keeping continued functionality with IPV4, it allows for migration. Openbsd does this as well I believe and I've started to see some Linux distro's do the same. Now all we need to do is actually implement it. Alot of people seem to be afraid of IPV6 because of the hex but if you spend a month or two with it; it becomes easier. I recommend some solid reading on IPV4 as well as the IP in general.

  • by wackybrit (321117) on Thursday February 28, 2002 @05:49PM (#3087370) Homepage Journal
    Some people have asked whether we can have both systems and 'switch' between them. Sure you can, but it's not worth it.

    As far as I recall (been a long time since I studied this), IPv6 and IPv4 can actually live and work together on the same network.. without being independent.

    That is, IPv6 can be used on the backbones and to connect the larger networks, but IPv4 can still be used at a more local level. Gateways can be established that will translate addresses and the benefits of having far more addresses available can be realized.

    However, one problem with running both protocols and using a gateway is that the only benefit you get is having more addresses.. but since we're running out of IP addresses with v4, this is kinda important. A local v4 and backbone v6 solution wouldn't help solve local DOS problems, or allow us to use any of v6's advanced features.

    But is an Internet wide upgrade to IPv6 really a viable thing to do? It'd be like converting the US to drive on the left side of the road overnight. Even if you did it state by state, you're gunna have major troubles at the state borders.. converting the Net over to IPv6 will be the same.

    That said, there is a network called the 6Bone [6bone.net] which you can join up to and actually play with IPv6 stuff from your existing IPv4 network. Go, and get your own IPv6 address today!

    (Disclaimer: As I said, I studied IP way too long ago, so any updates, corrections or just plain disagreements with my post are welcomed, and indeed encouraged.)
  • by MeowMeow Jones (233640) on Thursday February 28, 2002 @05:52PM (#3087385)
    Most of the people I know haven't even upgraded to IPv5 yet!

    Come on people, it's 2002!
  • ...unless the development speeds up fast.
    My experiences with IP6 and Debian woody:
    • inetd is fucked up accepts only connections to ::1, no other addresses supported which makes the box practically unreachable from outside
    • netstat/route etc don't support ip6, only ifconfig
    • if ip6 is supported then no or only crippled documentation existd
    These are only a few issus. Unless these thing get fixed fast then FreeBSD will replace Linux at most professional environments.
  • by puppetman (131489) on Thursday February 28, 2002 @05:56PM (#3087415) Homepage
    Heck, you are the only first-world nation that doesn't use metric, and that's easy to figure out.

    Yup, a ball and chain slowing down progress....
    • by Arandir (19206) on Thursday February 28, 2002 @11:51PM (#3088709) Homepage Journal
      The US hasn't switched to metric for a very simple reason: those of us living here, regardless of political affiliation, have a very strong individualistic streak. We don't just go change a system just because someone bigger than us tells us to. We spent a decade in the process of conversion and in the end we decided we didn't want the hassle.

      The metric system is still taught in schools, still used in industry, and still available on every milk carton from New York to San Fransisco. But we prefer the English system. We're individualists and that's our choice. Just because it isn't your choice is completely irrelevant.

      Oh, by the way, we've been using metric currency since day one, far sooner than most other countries did.
  • by wowbagger (69688) on Thursday February 28, 2002 @06:02PM (#3087459) Homepage Journal
    OK, I am about to say something that will make many of you who are knowledgable about IPV6 cringe, so take a deep breath and get over it now.

    When IPV6 is deployed, how do I prevent the machines on the inside of my firewall from being routable?

    Right now, my personal computer is on the inside of a NAT firewall. There is no way you can route a packet to it - go ahead, try to telnet to 10.200.120.4, I dare you.

    Now, I know there are those who say NAT CONSIDERED HARMFUL, and I agree in the general case it does break the essential peer to peer nature of TCP/IP.

    But what if I want to break it?

    How well tested are the Linux kernel modules for firewalling IPv6? Can I still protect my internal machines from the slings and arrows of outragous 5|<197 |<!66!3Z?
    • Someone asked:
      When IPV6 is deployed, how do I prevent the machines on the inside of my firewall from being routable?When IPV6 is deployed, how do I prevent the machines on the inside of my firewall from being routable?

      The answer is to use a "Site-Local" address for any device that you don't want seen outside your site. From RFC 2373:
      There are two types of local-use unicast addresses defined. These are Link-Local and Site-Local. The Link-Local is for use on a single link and the Site-Local is for use in a single site. Link-Local addresses have the following format: [...]


      Link-Local addresses are designed to be used for addressing on a single link for purposes such as auto-address configuration, neighbor discovery, or when no routers are present.

      Routers must not forward any packets with link-local source or destination addresses to other links.

      Site-Local addresses have the following format: [...]

      Site-Local addresses are designed to be used for addressing inside of a site without the need for a global prefix.

      Routers must not forward any packets with site-local source or destination addresses outside of the site.



    • how do I prevent the machines on the inside of my firewall from being routable?

      The same way you do that now: Using unroutable (i.e. private) addresses in your internal network instead of public ones.

      I might not remember this correctly, but I think IPV6 had a large set of private addresses for use in internal networks.

      Anyway, a firewall is always useful, because somebody at your USP could route to your internal network if you had forwarding enabled (which you have probably if you do NAT), and anyone at the internet can route you through source routing (although source routing can be disabled in Linux, and probably in any serious OS.)

    • by pHDNgell (410691) on Thursday February 28, 2002 @07:38PM (#3087934)
      While it may sound neat to say, ``go ahead, try to telnet to 10.200.120.4,'' it doesn't exactly work that way.

      Does this machine on 10.200.120.4 have the ability to make direct outbound connections? Assuming yes, does you realize that the only difference between an inbound connection and an outbound connection is who sent the first packet?

      Many people tend to believe that the *only* security risk they have to worry about is inbound SYN packets, so they base their entire security policy on stopping bad inbound packets. The last two sites I broke into, I did so by tricking a machine to come to me. Just for humor, here are the two scenarios:

      The first one was quite a while ago, and I did it at contract. A co-worker found a potential hole in a CGI, but nobody took it seriously. By sending the right data through the CGI, I found that I could make it execute arbitrary commands. First, I did some basic stuff (id; ls -lR /; etc...) and had it output the mail to me (couldn't see the output from the CGI). I figured out the web server user had a shell and a writable home directory, and the machine had ssh (client and server installed). I generated a private key and had it mail me the public version of that key, then I added it to my authorized_keys and installed my public key in the web server's authorized_keys. Then I had the web server user ssh to my host with remote port forwarding back into the web server's 22. ssh -p 2222 localhost and I'm sitting in a shell on the web server (192.168.something).

      The next time I saw something like this, it was out in the wild. There was a web server that was running a CGI that *seemed* like it was probably just handing the input over to a command, so I gave it a shot. This time, the web server didn't have a usable home directory, so the ssh thing was out, but it did have X installed, so I fired up a VNC server, opened it to the world and opened an xterm up in it. Before too long, I had an entire X desktop running on some guy's web server. I sent the local admin an E-mail (through pine) letting him know what was wrong and recommending he fix it before someone meaner than I am comes along.

      Anyway, point of the story. Having an unroutable IP address is good internet security as long as you keep it unrouted. Once you give the thing direct internet access, the unroutability of it becomes much less relevant.

      • by wowbagger (69688) on Thursday February 28, 2002 @07:58PM (#3087993) Homepage Journal
        Of course only blocking incoming connections is only a part of a security policy.

        However, both the examples you gave in your message required you to be able to connect to the target machine via HTTP and issue an HTTP GET request - therefor you had inbound connectivity to the target, just not inbound connectivity to J. Random Port.

        There is NO inbound port available to you. Not 80, not 22, not 25, nothing. The only inbound ports would be when I am FTPing down a file, if I am not running passive mode. However, since the firewall only allows traffic from the FTP server, you would either have to spoof that (and then all you would do is corrupt the file I am downloading) or hack the FTP server (same problem).

        And as to the other people who pointed out that I could use a site-local address: Of course, what do you think 10.200.120.4 is? However, NAT for IPv4 is very well tested, so my "unroutable" 10.x.x.x address is still able to get to /. (as this very post bears witness to). Would my IPv6 site-local address be able to do the same - in other words, is the state of NAT for IPv6 anywhere near IPv4? Considering the common opinion is that NAT is unneeded in IPv6, I very much doubt it.

        The great thing about my workstation being unroutable is that, should I be stupid enough to get a Trojan that announces itself to the 'net and says "I am at $address $port, come abuse me", if $address is not routable, this does very little good for the script kiddie - even if the system reports a traceroute so that he can follow it back, he STILL cannot route a packet to it.

        (now, this does not stop the Trojan from connecting to an [icq|http|SOAP|...] server and pulling its commands down, but as I stated at the first of this post, no one aspect of securing a system is sufficient - security is a journey, not a destination).
        • by cookd (72933) <.douglascook. .at. .juno.com.> on Thursday February 28, 2002 @11:24PM (#3088663) Journal
          That doesn't change what the guy is saying. NAT prevents another computer from initiating a connection to the internal network, but it doesn't prevent you from being hacked. A clever hacker can hijack existing connections, or convince you to open connections that aren't friendly.

          For example: you browse to www.ima.hacker.net. The page has code to exploit a browser vulerability, and the exploit code initiates a connection back to www.ima.hacker.net.

          Another problem is connection hijacking -- a hacker can send extra packets to a firewall that actually get through because they are marked as being from the same port and address as those of a real connection. This is especially easy if the hacker is able to sniff packets en route.

          Yes, being behind a NAT does reduce the risk of attacks: you probably only have to secure your client apps, not your server apps. But clients are vulnerable, too.

          Overall, IPv6 will be far more resistant to hacking. The designers had the wisdom of many years of IPv4 problems and security flaws to influence the design. Now it is much harder to spoof a packet. Now you can't sniff packet ID numbers. Any advantage that you are currently attributing to NAT can be gotten with a firewall, and much more reliably.

          Can't wait can't wait can't wait.
    • by scrytch (9198)
      When IPV6 is deployed, how do I prevent the machines on the inside of my firewall from being routable?

      Tell your firewall to not route it. The only reason 10.0.0.0 and 192.168.0.0 (I don't remember the class C one) are non-routable is because every single hop has wired into it the knowledge that those aren't routable.

      Plus, I have to imagine there are nonroutable IP6 blocks as well...
  • Interesting moot point... it seems that 3G licensees were going to require IPv6. Search for "IPv6" on various corporate and info sites:



    This long annoying sentence here to get around an annoying slashcode bug, because it can't count.

  • by kbonin (58917) on Thursday February 28, 2002 @06:04PM (#3087479) Homepage
    They have tons of money invested in hardware they don't want to replace. Sticking to IPv4 makes it easy to keep user bases behind short-lease DHCP, which helps to keep the average user from mounting a public server that'll eat bandwidth the ISP doesn't want to provide.

    Also a few Cisco points: 1) While some routers do support IPv6, the cheaper ones don't, and a decent percentage of older high end routers have routing algs implimented in semi-custom silicon - not software upgradable! 2) The enterprise network management software is lagging behind in IPv6 support last I heard (I used to work there), not much demand.

  • How to transition? (Score:4, Interesting)

    by A nonymous Coward (7548) on Thursday February 28, 2002 @06:12PM (#3087529)
    Suppose I take my home network (2 computers + 1 firewall), all running some form of highly modded Slackware, and switch the internal local net to IPv6 while leaving the connection from the firewall out as IPv4. Thus the 2 computers would be completely IPv6 while the firewall would have one IPv6 nic and one IPv4 nic. I have to change all dotted quad network addresses (such as in /etc/hosts); what else is there to do? Will existing software go along with the change without recompiling? Or even with a simple recompile?

    I bet there's some FAQ somewhere that someone will find using Googole. AIA
    • You'd also have to make sure that every network app running on those inside computers supports IPv6, and you'd need some sort of protocol translator on the gateway. For those reasons, I wouldn't suggest that scenario.

      I would suggest running both v4 and v6 on the inside machines and making the gateway into a 6to4 border router.
  • One thing I've noticed is that there's an awful lot of organizations (well, certainly a big handful) which have entire allocations of the old Class As. But virtually all their IP address space is hidden and non-public. People like the United States Postal Service (56.0.0.0 - 56.255.255.255), IBM (9.0.0.0 - 9.255.255.255). These organizations have barely a handful of publically-visible IP addresses, but these massive blocks in the IPv4 space. The USPS has 24 million IP addresses in their block, but probably less actually visible than a small Midwestern mom-and-pop ISP.

    Why aren't these organizations told that they have, say, 2 years to move to a private 10.x.x.x network, thus freeing many millions of IPv4 addresses, instead of forcing small organizations to come up with huge justifications for a very small number of addresses?
  • by chrysalis (50680) on Thursday February 28, 2002 @06:16PM (#3087562) Homepage
    A major showstopper may be Windows.

    Let's see. To be widely deployed on WAN networks, IPv6 should first be widely deployed on local LANs.

    It works very well on Unix systems. My little personal network has a bunch of OpenBSD and Linux boxes, 100% IPv6, and everything works like a charm.

    But what about Windows?

    I tried it with Windows 2000. Because the OS doesn't support IPv6 natively, I had to download a patch (and it's not very easy to find, I can't remember the exact URL, the link was posted on a ML a while ago) .

    Before the patch applied I had a big fat warning "Disclaimer: this is very alpha software, your OS can become extremely unstable. Don't call the Microsoft technical support any more after that, we won't answer" (the words were different, but it was the meaning) .

    And indeed. The system went very unstable, even for IPv4 requests. IE worked. *some* command-line tools worked. But third party packages like Mirc, CuteFTP and Opera crashed with no further warning.

    It looks like there's no effort in the Windows world to provide IPv6-enabled software. This is a major showstopper.

  • by t_allardyce (48447) on Thursday February 28, 2002 @06:30PM (#3087651) Journal
    How Long Until Widespread Deployment?

    About 15 years.

    After the introduction of the SSSCA in 2003, Microsoft dominated the US OS market. While other countries switched to IPv6, America was forced to use the proprietary protocal built into windows (thanks to auto-updates) which included advanced DRM, IP tracking and P2P restrictions - as a standard client, your computer could only connect to a 'server' i.e a Windows machine running Windows Server Edition with a valid federal license. The internet was effectively split in 2 - USA, and the rest of the world (troll: this didn't matter as most US citizens didn't know about the 'rest of the world' lol :)

    It wasn't until the great Microsoft witch hunt of 2017, when 4000 Microsoft employees where burnt at the stake after the SSSCA was lifted (well, not lifted per say, actually, someone just blew-up congress)
  • by Wesley Felter (138342) <wesley@felter.org> on Thursday February 28, 2002 @06:36PM (#3087685) Homepage
    Even if your ISP doesn't support IPv6, you can use 6to4 [google.com] to start using IPv6 today. It's much easier and more efficient than the 6bone. Since IPv6 allows a host to have multiple addresses, the eventual transition from 6to4 to native IPv6 will be seamless.
  • Never? (Score:5, Insightful)

    by Broccolist (52333) on Thursday February 28, 2002 @06:49PM (#3087743)
    I'm going out on a limb here, but has anyone considered that IPv6 may never get widespread acceptance?

    From the point of view of any individual organization, there are no reasons to switch to IPv6 right now. First movers receive no benefits at all: in fact, it only makes communicating with the rest of the (currently IPv4) internet more difficult. Moreover, I imagine that many businesses large enough to have an impact already have a large IPv4 address block, and have a vested interest in discouraging others from making the switch:

    1. There is no reason for them to pay for new routers
    2. A crowded IPv4 internet might allow them to loan out some of their in-demand addresses for extra profit.

    The various hacks available for IPv4 do the job. I can easily imagine a scenario where Cisco doesn't push IPv6 routers hard enough in the future, and people invest more and more in NATs and so forth, making a global switch harder and harder as time goes on.

    The fundamental problem is that IPv6 doesn't provide any short-term killer benefits, and that's what's necessary for an evolution to take place. My prediction (though predicting acceptance of technologies is always risky, so I may well turn out to be wrong) is that we will still be using an IPv4 internet in a decade.

  • Try freenet6.net (Score:4, Informative)

    by MavEtJu (241979) <slashdot@mave t j u . org> on Thursday February 28, 2002 @07:06PM (#3087819) Homepage
    If you are interested in playing with IPv6, try to get a tunnel via www.freenet6.net [freenet6.net].

    They're supporting devices running *BSD, Linux, Win*, Solaris, HP-UX and Cisco IOS.
  • I'll start using IPv6 when the backbones start using IPv6 and I can get IPv6 addresses from my ISP.
  • I can't wait... (Score:3, Insightful)

    by jbf (30261) on Thursday February 28, 2002 @08:14PM (#3088086)
    ...for IPv6 because...
    • ...I want my IP headers be twice as long
    • ...I want to go from 50% header overhead in Netmeeting to 75% header overhead
    • ...I want to include a 16-bit field (Flow ID) in my header that no-one has yet figured out how to use
    • ...I feel the need to address every atom on the face of the universe, and then some
    • ...I love IP addresses like 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
    • ...I like the idea that we'll all have to buy new copies of embedded hardware that are currently IPv4-only

  • I imagine I'd have to upgrade the firmware again.

    While my Linux box is configurable and my OS X box is probably configurable, I've got two OS9 boxes that I'll have to wait on Apple to convert.

    But I agree, IPv6 is the way to go.
  • The number of domains registered peaked a while back, and I think the number of Internet users dropped a bit last quarter. Is the number of IP addresses in use still increasing, or has that peaked, too.
  • by Guppy06 (410832) on Thursday February 28, 2002 @09:30PM (#3088316)
    The way I see it, there's a four phase cycle keeping IPv4 the standard for the internet for a long time to come.

    1.) ISPs want to charge more for sharing a connection and a smaller address space gives ISPs justification to charge more for corporate users than home users. They already heavily frown upon the use of NAT (unless you pay more for them to set up your LAN for you). So why don't the ISP's just separate the concepts of bandwitdth and addressing?

    2.) The backbone is overtaxed as it is. Currently the home user's connection speed is limited more by intermediate links than by their connection, even if the user is just using a 33.6 modem. A small address space provides an easy method of limiting bandwidth use. So why don't they just upgrade the backbone?

    3.) IP address space is the primary driving factor in connection costs, more so than bandwidth. Most tier 1's more or less own their address blocks and stand to make money hand over fist as the price of using a single address skyrockets. If a tier 1 wants to make more money, it makes better economic sense to buy more address space than to put in faster connections. So why not jump to IPv6 to increase the address space by an order of magnitude squared so the big guys can focus on the bandwidth trouble? Tier 1 folks will make money no matter what, right?

    4.) A larger address space opens up the ISP industry to small competitors. While most ISPs are owned or operated by large corporations that can afford the pricey IPv4 addresses, IPv6 stands to give every man, woman and child on the planet a bigger address space than many tier 1's currently have in IPv4. The low-level ISP scene under IPv6 could very well look a lot like the BBS/internet scene of ten years ago. Not to mention all the private little portals that could end up competing with MSN and Yahoo (with or without a DNS name). But still, the little guys could probably make a stab at making that happen with IPv4, using NAT to drive down the cost of a small IP address block. Why don't they do that?

    Lather, rinse, repeat.
  • by Skapare (16644) on Friday March 01, 2002 @12:09AM (#3088764) Homepage

    Offer free pr0n on IPv6 only servers.

  • IPv6 :: OSI (Score:3, Interesting)

    by igb (28052) on Friday March 01, 2002 @05:12AM (#3089256)
    The problem IPv6 has, confirmed by its enthusiastic reception by the EU, is that is
    the OSI of the 21st century (following on from
    ATM, the OSI of the 1990s). IPv6 solves a
    problem of 1992 --- proliferation of subnets,
    exhaustion of v4 space --- while other, incremental, changes did the job just as well.
    NAT and DHCP mean that huge ISPs don't need
    huge blocks, and the falling price of RAM means
    that large routing tables just aren't the problem
    they were. The Internet simply isn't a bunch
    of LSI-11s linked by 56K lines anymore, and I
    recall ``look, doing that will mean every router
    has to have a megabyte of RAM'' being used as
    an argument-ender.

    To compound things, IPv6 suffered from feature
    creep (see also: ATM, X.400, Modula 2 standards)
    and tried to solve a bunch of other problems as
    well, such as QoS. But _those_ were being
    solved in v4 land, too, with RSVP, and it's
    compatible and interworking with existing
    code. Those over 35 should compare the complex
    ``look, we need multi-part mail'' solution
    proposed by the X.400 lobby, which requires MTA
    support all the way, with MIME, which will pass
    transparently through any MTA.

    The final nail in v6's coffin is that, largely,
    it's not had the attention of the A team inside
    vendors, and has been seen as another add-on
    protocol, like OSI, ATM, etc.

    I think Vernon Shryver said a few years ago that
    he didn't expect universal IPv6 in his working
    lifetime. I don't (I'm 37), anymore than I ever
    expected my email address to because /O=...

    ian

"Well, social relevance is a schtick, like mysteries, social relevance, science fiction..." -- Art Spiegelman

Working...