Proposed IPv6 Cutover By 2011-01-01

IO ERROR writes "An internet-draft published this month calls for an IPv6 transition plan which would require all Internet-facing servers to have IPv6 connectivity on or before January 1, 2011. 'Engineer and author John Curran proposes that migration to IPv6 happen in three stages. The first stage, which would happen between now and the end of 2008, would be a preparatory stage in which organizations would start to run IPv6 servers, though these servers would not be considered by outside parties as production servers. The second stage, which would take place in 2009 and 2010, would require organizations to offer IPv6 for Internet-facing servers, which could be used as production servers by outside parties. Finally, in the third stage, starting in 2011, IPv6 must be in use by public-facing servers.' Then IPv4 can go away."

I am not trying to troll right now but...

[techiemikey (1126169)]

who is this guy and why does he control what happens with my internets?

Re:

[deftcoder (1090261)]

He sounds like an author of fiction to me...

If I see IPv6 implemented worldwide in my lifetime, I'll be really surprised.

Re:

[AGMW (594303)]

What I don't understand is why the IPv4 address space isn't mapped conveniently into the IPv6 address space (the first set of addresses ... ie 000.000.000.. ... then you can run both "internets" side by side. The major intenet trucks etc could be upgraded first (as required or as h/w gets old and needs replacing anyway), etc, until it is your choice if you want to see or use an IPv6 address, if you do, you just need to upgrade your end, and if you want to wait a bit, that can be your call!

But I must be mi

Re:I am not trying to troll right now but...

[Zarhan (415465)]

What I don't understand is why the IPv4 address space isn't mapped conveniently into the IPv6 address space (the first set of addresses ... ie 000.000.000.. ... then you can run both "internets" side by side.

It is.

http://en.wikipedia.org/wiki/IPv4_mapped_address [wikipedia.org]

There are even ways for reaching IPv4 hosts from IPv6.

http://en.wikipedia.org/wiki/Stateless_IP/ICMP_Tra nslation_algorithm [wikipedia.org]

Re:I am not trying to troll right now but...

[Spazmania (174582)]

How we do prove that we are truly running out of IPv4 address?

That's pretty much been done: http://www.potaroo.net/tools/ipv4/index.html [potaroo.net]

Re:

[arun_s (877518)]

This is actually already possible. There are at least two types of v4-compatible v6 addresses (the first one's deprecated, I think):

::127.0.0.1
2002::127.0.0.1

Anytime you move from a v4 to a v6 network, your gateway automatically prepends the 2002:: prefix to make your IP a v6 address. The problem here is that you have to have a public IPv4 address for this to work. If you're inside a NAT'ted network, your private address wouldn't be translatable to a corresponding v6 equivalent.
p.s. a link [twibble.org].

Re:

[complete loony (663508)]

Yes, the whole IPv4 address space exists in IPv6 see IPv4_mapped_address [wikipedia.org].

Re:

[notnAP (846325)]

Oh, just some guy who probably owns alot of stock in Cisco.

Re:

[halcyon1234 (834388)]

*ahem*

PROPOSED IPv6 Cutover.

Proposed.

Re:I am not trying to troll right now but...

[mrsbrisby (60242)]

I know John Curran as a troll on the PPML who brings up "IPV6 internet cutoff" every so often. He ignores all of the reasons why IPV6 isn't ready, and loudly proclaims people on *this Internet* (ipv4) are just holding back progress of his *other internet* (ipv6) which nobody is on.

He suggests charging people more for IPV4 allocations will speed IPV6 adoption and has no idea what an idiotic statement that is. He admits he doesn't care if raising the price of IPV4 allocations will simply drive smaller networks "out of business" as "they should be on IPV6 anyway". Meanwhile Google can afford it and nobody gives a shit about IPV6- they just want to use the same internet that Google is on.

He lies and says we're running out of addresses at a rate of 10-15 /8's per year. ARIN says we're going through about 3-4 a year (see the ipv4-allocation-assignments- this stuff is public even to nonmembers)

He has no migration plan besides "just replace all your hardware and software". It's about as stupid as the HDTV plan, which since I cannot record HDTV without buying illegal hardware, I'm not buying either.

Seriously, does anyone think an actual migration plan for something as big as - replace the entire Internet- would be authored by a single person that nobody outside of ARIN and IANA working bodies have heard of?

He's an idiot and an asshole.

Re:I am not trying to troll right now but...

[Percy_Blakeney (542178)]

He lies and says we're running out of addresses at a rate of 10-15 /8's per year. ARIN says we're going through about 3-4 a year (see the ipv4-allocation-assignments- this stuff is public even to nonmembers

No, he's not lying. You made the mistake of only looking at ARIN's numbers, which show IP usage in the Americas. Try looking at IANA's numbers [iana.org] instead and you'll see that the allocation of ~10 /8's per year is about right. So far this year, RIPE (covering Europe) has gotten 4 new blocks and APNIC (covering Asia) has gotten 5.

missing one thing

[badfish99 (826052)]

This is a great plan for switching over to IPv6. It's full of things that everyone MUST do. It's just missing one thing: if everyone ignores the plan and does nothing instead, how is it going to be enforced?

January 1st?

[Mike1024 (184871)]

You would think scheduling a big upgrade for the middle of the holiday season would be asking for trouble.

What's wrong with saying "the second weekend in February" or some similarly random date? It's a weekend so it won't interfere with business, but unlike new years day it won't mess with employees' personal lives too much.

There's a reason businesses and governments don't start their financial/tax years on the first of January, after all.

IPv6 PI needs sorting out first

[gagravarr (148765)]

One of the things holding back the deployment of IPv6 is the fact that IPv6 PI still isn't sorted. There has been some movement of late, but it's still not sorted. (PI = provider indepentent address space, PA = provider allocated)

Without PI, you can't do multihoming, unless you're a Ripe member (so you're multihoming on PA space). Lots of companies will only use IPv4 PI address blocks (so they're not tied to one provider), so won't try IPv6 until they can get a PI block. At work, we'd love to do IPv6 in production, but because we can't get an IPv6 PI block, we can't.

Until all the ripe regions roll out IPv6 PI, lots of companies that want to do production IPv6 just won't. It needs fixing

Re:

[igjeff (15314)]

Uhm...perhaps you're under a different RIR than I am, but my company has PI IPv6 space (North America), and working great (within the constraints that we're not fully deployed for IPv6 internally, yet, but that's in progress...we can ping6 from our border routers and such, so we've got the first building blocks in place and are moving forward with more).

Re:IPv6 PI needs sorting out first

[igjeff (15314)]

Here's a hint. When you fill out your justification forms. Include all your RFC1918 IP addresses (ie, 10.x.x.x, 172.16.x.x, 192.168.x.x, et al). Since there is no space reserved in IPv6 equivalent to RFC1918, meaning you generally need to allocate "global" IPv6 addresses for your internal systems as well, you can include your internal numbering space as part of the justification.

Otherwise, in North America, the criteria for getting IPv6 PI space is exactly the same as IPv4 PI space, and is based on your usage of IPv4 space...and since you can count the RFC1918 space in your justification, it actually ends up easier to get IPv6 space.

comments from elsewhere

[Spazmania (174582)]

This has been a hot topic on a number of lists. Some observations:

1. Neither John Curran nor the IETF has the the authority to bring this about, thus the use of the word "must" is misleading. Even if the regional internet registries supported this with policy that placed additional IPv4 addresses out of reach of those who did not deploy IPv6, far less than half of the content providers would be impacted within the proposed timeframe. Indeed, relatively few content providers come back for more addresses. Its mostly the transit providers which connect the end users who have a growing need for IP addresses.

2. The natural course of IPv4 depletion is more likely to drive conservation of IPv4 addresses than it is to drive IPv6 adoption. Business will tend towards this path because the incremental cost of conservation is small and the benefits are immediate while the cost of IPv6 deployment is large and the benefits are remote. Conservation might sound like a good thing but its actually very dangerous. It implies injecting many additional routes into the "default-free zone," which for complex technical reasons would decrease the overall stability of the Internet.

3. Existing policy at the regional registries serves to obstruct the deployment of IPv6. For example, in the Americas at ARIN, there is an additional $500 fee to receive IPv6 addresses in addition to whatever fees you pay for IPv4 addresses. That's a nuissance. More critical is the wide swath of legacy multihomed content providers who because they are too small don't qualify for IPv6 addresses from ARIN. Those folks can't get the so-called "provider-independent" addresses they need to connect via IPv6 in a technically comperable way to how they connect with IPv4.

Re:

[MikeBabcock (65886)]

When I as a good netizen went to look at getting my own IPv6 block for work, I realized it was way too much hassle, despite enough blocks obviously being available. Convincing our upstream provider(s) to give us blocks would require them bothering to go through that same hassle.

IPv6 works beautifully in an Intranet and LAN environment with autoconfiguration. IPv6 registries and routing are a problem however because nobody's* doing it.

*almost

Re:comments from elsewhere

[Fzz (153115)]

Yes, I agree with you. In particular, people often get confused by what MUST means in documents like this.

The MUST/SHOULD/MAY terminology in RFCs is to indicate levels of compliance with a specification. If this were a specification, or even a BCP (Best Current Practice) RFC [rfc-editor.org] document, then this might make sense. But it is intended to be an Informational RFC, which has no weight as a standard whatsover. So MUST/SHOULD/MAY terminology is completely inappropriate (in case you're wondering, yes I have written quite a few RFCs).

This document is an individual submission at the moment. Anyone can submit such a document; this does not indicate any level of support by the wider IETF, let alone anyone else. If the IETF were to take this on, and make it a BCP, then the terminology would indicate levels of support, and you could legitimately claim that an organization that did not comply was not providing standards-compliant service. It's possible this could embarrass an organization, but somehow I doubt it. However, if there were such a document, it might be possible for national governments to legislate compliance. Only then would it have any significant impact, but I think legislation here is unlikely and probably inappropriate.

Likely what will happen is that the regional registries will run out of address space to allocate in approximately three years from now (this is the current best estimate [potaroo.net] from Geoff Huston, who probably knows more about this than anyone else). ISPs will find it hard to get addresses after that, and a market will naturally emerge. Basically address space will become expensive. Also, there will be incentive to disaggregate currently aggregated address space, so more organizations can multihome. This will cause increasing routing table explosion in routers, and cause ISPs to need to either filter route advertisements (breaking multihoming) or upgrade routers (requiring them to spend money). And increasingly larger organizations will start to use NATs, making all sorts of applications harder to set up than they need to be. When your home NAT is behind your ISP's NAT, I suspect lots of things will break really badly. Maybe eventually the pain will get great enough that the switchover starts to reach critical mass, and only then will organizations actually allocate budget to make it happen.

There is a lot to be said in favour of moving forward in a less chaotic way that this, but I'm skeptical about the likelihood of that actually happening.

Heh!

[sheriff_p (138609)]

I love how the guy uses the word 'must' and 'Internet' in the same sentence!

This is so funny, I don't even know where to begin

[zerofoo (262795)]

Does the IETF even realize the scope of this project? Ignore everything else and just look at every ISP in the world....all of them....the big ones and the mom-and-pop shops.

Now every single one of them must have routing gear (and all the associated monitoring equipment) capable of IPv6, and the ability to manage the massive address space. I know ISPs right now that can barely handle their IPv4 infrastructure that has been in place for a decade. Now you are asking them, in the space of a few years to throw out their existing infrastructure and move completely to IPv6? That's rich.....

If the ISPs don't convert (or can't quickly convert) then no one else will.

-ted

Re:This is so funny, I don't even know where to be

[redirect 'slash' nil (1078939)]

Your post advocates a

( ) technical (x) legislative ( ) market-based ( ) vigilante

approach to introducing IPv6. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) We'll be stuck with it
(x) Users of the internet will not put up with it
(x) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires immediate total cooperation from everybody at once
(x) Many internet users cannot afford to lose business or alienate potential employers
(x) The general public doesn't care about IPv6
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for the internet
( ) Open relays in foreign countries
( ) Asshats
(x) Jurisdictional problems
(x) Unpopularity of new protocols
( ) Public reluctance to accept weird new forms of money
(x) Huge existing hardware investment in IPv4
( ) Susceptibility of protocols like IPv4 to attack
(x) Willingness of users to install OS patches
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
(x) Extreme stupidity on the part of internet users
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are affected by ISPs having to switch to a new protocol
( ) Windows

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
(x) IP protocol should not be the subject of legislation
(x) Cutoff dates suck
( ) We should be able to talk about Viagra without being censored
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(x) Managing dual v4 and v6 addresses is inconvenient
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:

[discogravy (455376)]

In the resources-on-your-equipment sense, the size of the tables matter and yes, you are correct. In the money-has-to-be-paid-for-equipment sense, the size of the tables in software is irrelevant. Many ISPs don't have "modern routers", particularly smaller ones, as your national/international providers have the scale and money to have regular and scheduled hardware upgrades. Cisco gets a lot of shit, but a large amount of their equipment just lasts and lasts. And if you're an ISP trying to cut corners, weee

IPv6 adoption will be lead by Asia

[by Anonymous Coward]

The biggest problem with IPv4 is that the way addresses were distributed totally screwed over Asian countries. There are single Universities in the US that have more assigned IP addresses than pretty much the entire Asian continent! There are places in China that now sit behind six layers of NAT.

Asia will lead, and anyone who wants to communicate with them will be forced to follow.

Re:IPv6 adoption will be lead by Asia

[Aerion (705544)]

There are single Universities in the US that have more assigned IP addresses than pretty much the entire Asian continent!

I think that there is actually a single University (or, shall we say, "Institute") that has that many IPs. But plenty of corporations or other organizations own Class A's as well.

We like our /8. Four static IPs for each student ... a /16 for each dorm (with one exception -- my dorm gets two). And, more infuriatingly, I'm sure, a /16 for each fraternity. Is it fair? Fuck no. But dem's da breaks. I wouldn't count on reallocation of IPv4 addresses any sooner than I'd count on a move to IPv6.

What services to change?

[pr0nbot (313417)]

Hmm...

Is there some crucial service under government control (like DNS root servers or something) that could be switched to IPv6-only in such a way that other systems would have to be configured to cope with both IPv4 and IPv6, thus making a later total switch to IPv6 less painful?

Only the address space difference?

[Jugalator (259273)]

Why do these articles only end up being commented about IPv6 improved address space?

IPv6 offers lots of tasty features because they took the opportunity to fix a lot of quirks in the IPv4 protocol while they were at it, and that offers real world advantages.

Things like host autoconfiguration and ad hoc networking, end-to-end IPSec support in the standard, larger datagram support for efficiency in fast networks.

Re:

[VGPowerlord (621254)]

I knew IPv6 addresses were 128 bits long, but I didn't realize that 64 of those are used for local addressing.

I mean, I can understand that this is done so MAC addresses can be mapped into it, but come on... all of IPv4 is 32-bits. Do we really need 64-bits for local addressing?

Re:not ready for prime time

[Da Fokka (94074)]

The larger address does allow for autoconfiguration. Apparently DHCP is not doing a good job at it.

Re:not ready for prime time

[Skapare (16644)]

The idea is that IPv6 addresses are a 2-part address. The first 64-bit part is the classification and routing. The second 64-bit part is the unique space, although literally that does not need to be. The idea is to eliminate error and complexity prone steps to map unique link layer addresses into globally routable addresses. Sure, this could have been done with a lot fewer addresses and still have enough for even the very largest networks. But then you'd have to ensure that no 2 hosts could end up with conflicting addresses. The gateway router could certainly do that, but if it gets rebooted, all the addresses might have to be changed because the map gets reset. By using link layer addresses, once the globally routable prefix is known, the host/interface addresses can remain constant even if the router is rebooted. One of the goals of IPv6 is more automatic configuration.

I think you're missing the point

[frovingslosh (582462)]

It's not a question if the new spec should be that large (it should, but that's not the issue). It's if we need a new spec at all. If you acknowledge that we need a new spec, IPv6 seems to be it. And it would be absurd to come up with some short sighted spec with smaller addresses just to get caught with limits again.

Also, don't fall into the all too common trap of looking at how large 2 to 128 is and thinking that ipv6 really provides that many unique addresses. You have to look at how the bits are used, the number of useable Internet addressable devices is much smaller. Perhaps even around the size you may be thinking we need. A new addressing system can provide some nice new features. Imagine the benifit of having a portable IP addres that is yours no matter what network you connect to or where in the world you move. Kind of like having a real truly portable telephone number. As all communication merges into IP address this will be both handy and important.

None of this should be taken to imply that I support the absurd cut over schedule in this thread. But there are some nice things designed in ipv6 and it will be a positive thing if the convesrion is done right, not switched over in a mad rush.

Re:not ready for prime time

[TheRaven64 (641858)]

It's related to the birthday paradox. This is not really a paradox, but is counter to intuitive thinking. It states that in a group of 23 randomly chosen people, there is a 50% chance that two will have the same birthday. While you only need 23 different days in the year for everyone in the group to have a different birthday, you need a lot more if the days are chosen at random. For stateless autoconfiguration you need n parties (where n is the maximum number you might want to put on a single network) to be able to pick unique numbers. The simplest way of doing that is to take an existing globally unique number; the MAC address. You could use a hash of some other unique information, but the smaller you make the hash, the greater the chance of collision.

Re:not ready for prime time

[zeromorph (1009305)]

Again? Did you just wait for a possibility to post the same junk again [slashdot.org], three years later?

No "Network Anonymiser Translation" this time, but an ethnic slur, great.

Re:not ready for prime time

[dk.r*nger (460754)]

Cisco routers suck at IPv6

You know, they might stop sucking if a large movement towards IPv6 caught momentum.

The world does not need more than the 4 billion addresses
available with IPv4, and I challenge you to come up with an
application that requires that many. Assuming that you can actually
come up with one, it could easily be solved with Network Address
Translation, or NAT as it is commonly known.

Challenge: 2 bln people in the relatively civilized world have, or will have in the near future, serveral of these items:
  - Home computer
  - Work computer
  - Laptop (private or work)
  - Cellphone(s)
  - Net connected appliances (TiVo, net music players, IP phones, home surveillance, alarms)

Each ideally needs its own address, and it's not hard to see how 4 bln addresses will be used up.

Solve it with NAT, you say. Sure - but actual interactivity is in higher and higher demand. Both my MythTV box and my laptop in most locations are NAT'ed. Save for my tinkering with NAT routing which is only for geeks, I can't get to my Myth box from the outside.

Another problem is the solution to the above problem - VPN. At my former job (a web consulting agancy) we were routinely given VPN access to clientsites. They were all setup with IPs in the range 192.168.X.nnn. We had no collisions of X, but we were a small firm, and it will happen.

IPv6 addresses are too large. An IPv6 address is 128 bits in size

I remember hearing the same argument against using FAT32. Although your point is quite valid, I think the world will recover, and quickly.

The IPv6 header is too large. ... minimum MTU supported must be 576 bytes. That means that where you
might have got 556 bytes of data in your IP packets, you now get 536
bytes.

I'm no expert, but didn't the world stop using minimum MTU for anything larger that that a while ago? If an MTU is size 1500 instead, the overhead is a whopping 1.3%, or downloading an extra 51 mb on your full, uncompressed 50gb bluray movie.

Yeah, it's not free of drawbacks, but progress seldom is.

Re:not ready for prime time

[Kjella (173770)]

the overhead is a whopping 1.3%, or downloading an extra 51 mb on your full, uncompressed 50gb bluray movie.

!) The bluray *image* may not be compressed, but the bluray *movie* is compressed to fit in 50GB
2) 1.3% of 50GB = 50000MB is somewhere around 500MB, not 50MB - you're off by a zero

Re:not ready for prime time

[igjeff (15314)]

At the risk of feeding the troll, I wanted to try to clear up some misconceptions.

1. Cisco routers suck at IPv6.

Anything reasonably current doesn't route IPv6 in software. Yes, there's legacy stuff out there that will have to be dealt with, but there are solutions to those legacy hardware deployments that aren't terribly arduous. But it does mean people need to get started dealing with this *NOW* rather than later.

2. There are too many addresses.

Uhm...so don't use them all. I'm not sure what sort of objection this is. "Oh, we can't do that because that solution will give us more resources than we need." Oh the horrors of not having to worry about running out of addresses, I'm not sure I can deal with that problem

3. IPv6 addresses are too large.

The ISP that I used to work for advertises 7 or 8 routes into the IPv4 default-free zone. With a move to IPv6, they could easily, without breaking a sweat, move to only advertising a single route. So, an IPv6 route would have to consume more than 8 *times* the memory that an IPv4 address does for it to be a loss for the routes that said ISP would advertise. Many enterprises advertise many many more routes than that in IPv4 and could drop down to a single (or very few) IPv6 routes. Yes, the memory footprint of each individual route in routers would be bigger, but the number of them will be significantly smaller, meaning overall router memory consumption will drop.

4. The IPv6 header is too large.

Ooh, 3.4% (and that's worst case)...I'm not sure the world can handle those sorts of inefficiencies. Yes, IPv6's larger header will drop data throughput efficiencies ever so slightly. That's better than the 100% drop in efficiency you'll have when you can't get an IPv4 address at all.

Re:

[Al Al Cool J (234559)]

3. IPv6 addresses are too large.

This is my main problem with IPv6. I've seen some excellent replies as to why this isn't really an issue on various technical grounds, including your reply. However it's not the technical issues that concern me.

Allow me to rephrase the objection:

3a. IPv6 addresses are too large for people.

I deal with IP addresses all the time. Few days go by where I'm not typing one into a computer for one reason or another, or reading one out over a phone to somebody. "Your in

Re:not ready for prime time

[someone300 (891284)]

• NAT is a horrible, horrible hack
• If IPv4 networks worked in 1980... it's 27 years later, I think computers can handle the increased memory requirements (and they do)
• IPv6 has Jumbograms
• IPv6 is for where every electronic device has one (or more) IP address, plus you generally need to assume at least 50% more than required for expansion purposes if you're an ISP.
• IP network have a MINIMUM MTU of 576 bytes... you can increase that
• Cisco will update their routers over the next 4 years... Corporate greediness isn't the fault of IPv6

Re:

[fyngyrz (762201)]

"...niggers..."

Political correctness: The peculiar idea that one can pick up a turd by its clean end.

It's urban dialect [wikipedia.org]. Nothing to get excited about (nothing to write to dictionary manufacturers and insist it be included, either.)

From the consumer standpoint, a cable/DSL modem or router with IPV4 in the house / business to IPV6 out on the net will keep most of the pain (other than a financial hit) away until or unless IPV6 is actually needed on the local side of the hardware; the router can hand

Re:

[Midnight Thunder (17205)]

So, what you're saying is, 512k is enough for anyone?

Nah, nothing is enough for anyone.

Re:not ready for prime time

[Doctor Memory (6336)]

Except for the N-word being used, this post is very informative

Excuse me? "IPv6 needs work because Cisco routers don't handle it well"? It's just a troll, get over it. Cisco's probably wringing their hands with glee, because this will help them push their next-generation made-for-IPv6 routers. And if they don't have a next-generation router that handles IPv6 well, then Juniper will (deservedly) eat their lunch.

The rest of the points in that post were similarly bogus. NAT sucks because it breaks the end-to-end IP model (which also breaks IPSec). It also requires the network to handle connections and maintain state. IPv6 also uses multicast for ARP resolution instead of broadcast, which means your NIC doesn't have to deal with a packet every time someone else on your subnet wants to contact a machine that isn't in their cache.

Re:Question

[pete-classic (75983)]

Aight, I put on my robe and wizard hat.

(I had to make an exception to the rule in my sig for that one!)

-Peter

Re:

[Col. Klink (retired) (11632)]

What's so hard to understand? Yes, you're web server faces the public. I, however, have several web servers at my organization that are NOT accessible to the public. If I want to keep them that way behind my firewall, I'd be free to do so under this plan.

Not all machines with IP addresses are public facing (cf. http://en.wikipedia.org/wiki/Private_network [wikipedia.org]).

Re:

[by Anonymous Coward]

I'm sure Switzerland's ISP's are neutral on IPv6.

Re:Yeah, that'll happen

[mrogers (85392)]

They create specs, then people half-implement them, and nothing changes.

That's exactly the problem with the IETF today. Back in the good old days they half-implemented things and then wrote the specs.

Re:Sounds more lke a wishlist

[mrsbrisby (60242)]

I don't think we're going to be able to do a clean cutover to IPv6 until most hardware/software vendors start shipping systems that require both IPv4 and IPv6 configuration to complete installation.

That's nice. We're going to need two things bigger than that:

• A way to upconvert IPV4 and ASN routing information so that I don't have to call my upstreams and ask them for permission to use IPV6 addressing and routing. A good start would be to make it mandatory to ASN holders at the end of a year. They can have an extension so long as any of their upstreams aren't ready (to protect smaller networks) but peer groups get penalized - say 500,000$USD for the first year.
• Something actually interesting that's IPV6 only so that end users will actually want.

Right now, users want to be on the Internet that Google is on. Small sites cannot add support for both networks because it's cost prohibitive. Make it cheaper for small companies to switch and more expensive for large companies not to if you need to force the issue. At this point, it'll probably be easier to come up with something interesting.

Oh and John Curran is an idiot.

Re:

[igjeff (15314)]

If they're a halfway clueful ISP, yes, you'll get more than one IPv6 address at your home. And, no, hopefully there will not be NAT in IPv6 world (someone will probably do it, but its stupid, "Just Say No to NAT"). NAT is evil crap, it breaks things for no real benefit (other than IP address conservation, which isn't needed in IPv6 world). NAT doesn't provide any security, stateful packet inspection and firewalling provides security (NAT provides the illusion of security because stateful inspection and f

Re:Are you serious or just burning karma?

[igjeff (15314)]

I'm being completely serious.

NAT (ie, the mangling of IP addresses) doesn't give you any security whatsoever. Putting your box in the DMZ isn't bypassing the NAT, its just setting up a different type of NAT.

The security that you get behind your NAT device is because the device necessarily has stateful packet inspection and filtering engine...because dynamic NAT doesn't work without it...its the stateful inspection and filtering that gives you the security, not the NAT/mangling of the IP addresses.

You could stick a stateful inspection and filtering device that denies inbound connections by default in your laptop travel bag and have exactly the same level of security, without breaking useful applications like NetMeeting (admittedly dated), and other useful applications that connect directly client to client.

Re:

[FireFury03 (653718)]

My ISP only allows me one dynamic address... I use a NAT router (with their blessing) and have several machines at honme. With IPV6, is there still NAT routing?

You can do NAT but it is strongly discouraged (it's basically reserved for situations where you need to move machines between networks, rather than sharing of a single address between multiple devices). Your ISP _should_ give you at least a /64 IPv6 network (if you make each network a /64 then IPv6 autoconfiguration works, which makes everyone's lif

Re:

[Just Some Guy (3352)]

IPv4 works for me today and will work for me in the future.

No it doesn't, and no it won't. Right now, only the relatively rich can afford more than a handful of public addresses, so only they can afford to host the services they want (where "services" includes things like "being able to sync your smartphone's calendar with the office Exchange server", not just customer-centric applications). Also, it's all but impossible to do things like direct peer-to-peer VOIP between two random hosts behind NATted routers; you have to have a broker somewhere in the middle t