Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Internet

MIT Technology Review Slams IPv6 709

PCM2 writes "In the MIT Technology Review, Simson Garfinkel, noted author of Internet security books, writes that "the next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure." His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 makes encourages 'peer-to-peer based copyright violation systems'; and of course, that the switch is never going to happen anyway (and yet, somehow, the United States is 'falling behind')."
This discussion has been archived. No new comments can be posted.

MIT Technology Review Slams IPv6

Comments Filter:
  • ...by David Weekly [weekly.org] can be found here [weekly.org].

    Good summary of CIDR and NATing adoption, too.
    • Once upon a time, the entire internet was shut down for a day or so to switch over to IPV4. We survived. I suspect we would survive the switchover to IPV6, especially since it won't require a complete shutdown. It will be a lot like the current situation for VGA monitors; nobody really worries too much about the folks still running 640x480 anymore. Likewise, when IPV6 starts to take over, people will gradually switch over until a critical mass develops, after which the rest of the world will follow very quickly. Then after a while, most of the world will stop catering to anybody still running V4. That doesn't mean that everybody will switch then, but the ones that don't will simply pay the price in inconvenience.

      I didn't really follow the assertion that V6 would be less secure -- I expect that any such problem will be quickly fixed, and probably long before the majority of folks actually make the switch. As for the timing, I don't think it will be as long as Mr. Weekly says. I think that 2005 is a reasonable prediction for V6 reaching critical mass.
      --
      Insurance for H1-Bs: http://www.H1Bins.com
      Healthcare for the uninsurable: http://www.AFFHC.com
      Medigap insurance information: http://medigap.supremesite.net
      • "I think that 2005 is a reasonable prediction for V6 reaching critical mass." Do you realize that that isn't even economically feasible? That would require such a huge amount of switches and other network equipment to be replaced in the course of a year that the costs would be unimaginable. I imagine that half the internet (I dont know what you consider "critical mass" to be) will not be using IPv6 before 2007.
        • by cyclist1200 ( 513080 ) on Sunday January 11, 2004 @11:04PM (#7949437) Homepage
          Yes, routers will have to be updated, if they aren't already IPv6 capable. Switches and most other gear work at different network layers and don't deal with IP addresses at all. Switches and bridges, for example, are only concerned with MAC addresses.
  • MIT is one to talk (Score:5, Insightful)

    by mphase ( 644838 ) on Sunday January 11, 2004 @07:13PM (#7947917) Homepage
    MIT is one of the great hogs of current IP addresses, maybe if issues like this were addressed no knew system would be neccesary.
    • by m3j00 ( 606453 ) <<moc.liamg> <ta> <uoyeem>> on Sunday January 11, 2004 @07:23PM (#7947973)
      i believe they have a full class a, right? so that's ~1/255th of the possible usable ip addresses on the internet? (not taking into account non-routable ip addresses)
    • by Anonymous Coward on Sunday January 11, 2004 @07:36PM (#7948077)
      They are not wasting IP addresses frivolously, they are simply reserving them for alumni ... for the next 16,000 years.
    • by Hanji ( 626246 ) on Sunday January 11, 2004 @07:57PM (#7948213)
      Although addressing issues like that will delay the time at which we will have to deal with the shortage, it doesn't solve the problem.

      IPv6 isn't just about having enough IPs for all the computers in the world. It's about having enough IPs for all the *anything* in the world - your toaster, your house-cleaning robot, whatever. Even things like RFID tags could potentially be given their own subset of the IPv6 address space - it's that huge.

      Using the IPv4 space more efficiently might deal with the problem for a while, but it will not allow the expansion IPv6 would.
    • by smiff ( 578693 ) on Sunday January 11, 2004 @08:06PM (#7948272)
      I wouldn't put a whole lot of faith in what Technology Review has to say. With a quick look at their staff [technologyreview.com] you will see where their priorities lay. They have one fact checker and 26 people involved in marketing and advertising.

      They may have once been a reputable magazine, but since Bruce Journey [technologyreview.com] took over, they are more concerned with selling magazines than quality reporting. Mr. Journey used to work for such rags as Time and TV Sports. When appointing Mr. Journey to lead Technology Review, William Hecht said [mit.edu]:

      "Technology Review has long been highly regarded for its editorial excellence," Mr. Hecht said. "It is now time for MIT to invest in its commercial potential. With the appointment of Mr. Journey, we have begun the effort to secure a prominent place for Technology Review in the competitive world of commercial publishing."

      Besides that, Technology Review is twice removed from MIT. They are run by the Association of Alumni and Alumnae of the Massachusetts Institute of Technology which is loosely associated with MIT.

      I would really like to know why Slashdot keeps posting fantastical stories from that ratings-driven rag.

      • Mainly because, if all of MIT Tech Review is indeed FUD as you say, then it's time we start countering it and countering it big time.

        Most people (suits anyway) would look at the MIT name, and believe anything stated in the mag; with enough discussion here on /. and elsewhere, the techies of the world will have enough points on their hands to take it to their bosses and say exactly why the Review shouldn't be believed.

    • by marauder404 ( 553310 ) <marauder404 @ y a h o o.com> on Sunday January 11, 2004 @08:24PM (#7948390)
      The allocation of Class A networks is not the problem. There are still Class A networks that are marked as "reserved" and are not really being used. The inefficiency in the distribution of the networks is the problem.

      If you are going to pick on Class A owners, then I think there are plenty you can pick on before MIT. HP owns both the 15 and 16 spaces (16 was DEC, bought by Compaq, and now owned by HP). GE, Halliburton, Xerox, Apple, BBN (x2), FoMoCo, Prudential, Eli Lily, and even the US Postal Service are all official owners of at least a Class A network.
  • untested code... (Score:5, Insightful)

    by awing0 ( 545366 ) <adam&badtech,org> on Sunday January 11, 2004 @07:14PM (#7947918) Homepage
    Well sure the ipv6 code isn't as tested as ipv4 and might be insecure at first... But did that stop the internet from being built on ipv4? It's a stupid argument against upgrading to a new technology.
    • by Anonymous Coward on Sunday January 11, 2004 @07:16PM (#7947936)
      Nothing will get a protocol fixed and secure faster than having people use it.

    • Isn't the whole point of Internet2 to test advanced networking technology like IPv6 to ensure it is ready for primetime?
      • You would think that, but we just use it for warez and mp3s right now. If students had written the RFC for IPv6, it would be something like:

        "D00d we need warez trading 2 organize n shit ok thx"
  • Excuse me but... (Score:5, Insightful)

    by Malicious ( 567158 ) on Sunday January 11, 2004 @07:15PM (#7947927)
    Correct/Mod me if I'm wrong, but aren't the main uses of the internet Porn and P2P? However according to MIT encouraging "evil" P2P is wrong?

    Sure, they're not exactly the most honourable or squeaky clean businesses on the planet, but they sure as hell are the most popular.

    • Re:Excuse me but... (Score:5, Informative)

      by !ramirez ( 106823 ) on Sunday January 11, 2004 @07:25PM (#7947995)
      IP layer stuff (OSI model layer 3) is transparent to the layers both above and below it; you can easily map IPv4 addresses (as well as DNS entries) onto IPv6 addresses as long as you have a protocol stack capable of parsing the IPv6 stuff. Nothing new.

      Remember people, IPv6 has been around in RFC form since December 1998 (5 years) - the adoption rate simply hasn't matched what was seemingly necessary.

      Besides, ARIN isn't even close to full address depletion. There's so many spare /8's out there, that I imagine we could go on for at least another 3 before widescale implementation.
    • Re:Excuse me but... (Score:5, Informative)

      by AEton ( 654737 ) on Sunday January 11, 2004 @07:29PM (#7948024)
      Maybe I read the wrong article, but I don't think he said that at all. The gist of the article is this:
      1) I will define 'IP' for you now
      2) This is why we need more Internet addresses (something above and beyond IPv4)
      3) One problem with IPv6 is that no one uses it now. So the best thing to do is to make dual v4/v6 machines. But then you can never make v6 only because someone will always have v4. (wtf? 'we can never adopt v6 because we have not yet adopted v6'?)
      4) NAT is super evil because its security is "a mirage"
      5) The RIAA and MPAA will probably hate IPv6 because people can connect to each other more
      6) IPv6 will only be introduced in the US when a government supplier wants it

      I think that timothy must've posted this without reading the article itself -- or I've read the wrong article -- but the article author _NEVER_ says 'untested and therefore insecure', only talks about the increase in p2p applications as 'interesting' and likely to be opposed by the *AA, and the problems posed by inertia in the US as opposed to adoption in Asia.
      NOWHERE does he slam IPv6 - he seems rather happy about it, in fact.
      • Re:Excuse me but... (Score:3, Informative)

        by sir99 ( 517110 )

        I think that timothy must've posted this without reading the article itself -- or I've read the wrong article -- but the article author _NEVER_ says 'untested and therefore insecure'....

        Not in those exact words, but he pretty much does. From the article:

        Yet another problem with IPv6 has to do with all of the impending security problems it will cause.... But what IPv6 boosters won't tell you, unless you press them, is that every new IPv6 nameserver, Web server, Web browser, and so on has new code--code i

      • Re:Excuse me but... (Score:5, Informative)

        by Octorian ( 14086 ) on Sunday January 11, 2004 @08:09PM (#7948285) Homepage
        Actually, the government in the US is already planning IPv6 migration, and there are mandates for the DoD to go to IPv6 by 2008. Sure, that's a few years off, but it means that in the mean time there will be many pilot programs and gradual migrations. It is going to happen, and even if the corporate world lags, the gov't will be pusing it.
  • by Anonymous Coward on Sunday January 11, 2004 @07:15PM (#7947934)
    security and functionality over speed. Speed will catch up, eventually. doing NAT everywhere sucks. If speed is the biggest con, then, well, there is no con.
  • Oops (Score:5, Insightful)

    by PacoTaco ( 577292 ) on Sunday January 11, 2004 @07:20PM (#7947958)
    Let's play "count the technical mistakes." I'll start:

    The result of this decision made nearly 30 years ago is that the Internet simply cannot handle more than 2^32 or 4,294,967,296 devices.

  • by thogard ( 43403 ) on Sunday January 11, 2004 @07:20PM (#7947959) Homepage
    I thought we were running out of /20 assignment blocks, not addresses.

    Of course if you increase the number of assignment blocks, routers will need more memory and were back to the same reason no one will route a /28 anymore except the IPv6 approach ends up using 4x the memory for each address.
  • by i.r.id10t ( 595143 ) on Sunday January 11, 2004 @07:21PM (#7947964)
    Hey MIT - do you really need/use all 16.7 million IPv4 rotable addresses you have? Why not share a few?
  • NAT is bad? (Score:4, Interesting)

    by TwistedSquare ( 650445 ) on Sunday January 11, 2004 @07:24PM (#7947984) Homepage
    Interesting... The author slates NAT for being an easy security option, causing firewalling problems and not letting each device have its own IP. Then he seems to fail to mention that letting each device have its own IP opens up a whole host of possible attacks. Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT?
    • Re:NAT is bad? (Score:3, Interesting)

      by PCM2 ( 4486 )

      Then he seems to fail to mention that letting each device have its own IP opens up a whole host of possible attacks.

      No, that actually seems to be one of the main thrusts of his article...that IPv6 gives every machine its own address, opening up all sorts of security problems.

      Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT?

      Here, however, you seem to be confusing the function of a NAT with the function of a firewall.

      In all honesty, though, mo

      • Re:NAT is bad? (Score:5, Informative)

        by anthonyrcalgary ( 622205 ) on Sunday January 11, 2004 @08:26PM (#7948404)
        The problem with NAT is that it breaks some protocols, eg FTP. The protocol says something like "My IP address is X, make a connection back to me.", but with NAT the computer reports its IP as something that's not a valid public address. That not only breaks some protocols, but you can use that to tunnel in past a firewall onto a private network in some cases.

        The other problem is more aesthetic than anything... but it can be a problem if the NAT device is badly configured. Because it has to translate incoming and outgoing packets, the NAT device must track the state of the incoming and outgoing connections. This takes memory, and sometimes there's not really any way for the NAT device to tell when the connection has been severed. So it has to time them out, and this can result in connections evaporating without warning when the server and the client want them to stay open.

        Fortunately, you can usually set this to something more reasonable with OpenBSD or Linux (or another BSD, Solaris, whatever). OpenBSD 3.4 with "set optimization conservative" waits 5 days. I've never had any problems with that, but it's tweakable if necessary.
    • What I'm looking forward to is having to apply weekly firewall updates to my friggin' toaster.

      NAT is a good idea for certain limited applications. Internet-enabled dishwasher? No problem*. Web browsing cell phone? Perfect. But for a general purpose computer running arbitrary applications, it's very constraining. Just look at the discussion surrounding Speakfreely [slashdot.org] and you can see some of the problems that happen when you turn on NAT. Basically, you turn a computer into a consumer of Internet servic
      • Re:NAT is bad? (Score:5, Interesting)

        by tftp ( 111690 ) on Sunday January 11, 2004 @09:21PM (#7948744) Homepage
        Though I'm still curious why my appliances need to surf the web.

        Your appliances can surf the Web even through NAT, it is perfect for that. The difference begins when your service center can ssh into your fridge and troubleshoot it remotely. That you can not have with a standard, untweaked NAT.

        This is not a contrived example, BTW. I have a fridge in my rental apartment which sometimes vibrates a lot, but often it does not. Since I don't own the fridge, I don't care as long as it's minor. But a properly designed modern fridge would be able to monitor itself, signal the service center when something bad happens, and upload the diagnostics data for the mechanic to see.

        As another example, I have a bread maker. It has a timer, but how would I know when I am going home a whole working day ahead? So I don't use it. If I have an internet connection to the bread maker, I could begin the baking cycle 3 hours before going home, and get a nice loaf exactly when I need it.

        It is also hard to argue that you'd like to ssh into your VCR or Tivo and program them to record something that you just remembered. More than once people called me and asked to tape Buffy or something because they forgot :-)

        Some of my friends are seriously involved with home automation. They have tons of gadgets, sensors, motors and everything else. Currently, a Web server is used to control all that. But that is extra complexity. With IPv6 you add devices as you need them, and they are instantly online, accessible to you as long as you have the IPSec key or whatever you choose to secure them.

  • Garfinkel Math (Score:5, Informative)

    by atheos ( 192468 ) on Sunday January 11, 2004 @07:25PM (#7947999) Homepage

    most experts think that the V4 routers simply couldn't keep up if the Internet's backbone were suddenly switched over to IPv6--the router hardwarewould have to be upgraded, which would be very expensive. Most corporations would face similar upgrades. At a medium-sized business with perhaps 16 high-speed routers, the cost would easily exceed $1 million.


    Damn,
    with only 3 routers at the medium-sized business I work
    for, this is going to cost us $187,500 !!!
    No IPV6 for us
    • Re:Garfinkel Math (Score:3, Insightful)

      by iabervon ( 1971 )
      When the internet's backbone switched to IPv6, they set it up to tunnel IPv4 over it. That's why most experts still talk about it like it's something in the future. IPv6 is actually faster and more convenient for routing, which is why the backbone routers have already switched. Furthermore, there is support built in for tunnelling your IPv6 over IPv4, so that you can have an IPv4 internal network which works perfectly well with an IPv6 upstream provider (your routers don't have to be very smart; all of the
  • by retrosteve ( 77918 ) on Sunday January 11, 2004 @07:26PM (#7948003) Homepage Journal
    Interesting to compare Garfinkel's view on IPv6 vs NAT (IPv6 'encourages Peer-to-peer copyright violations') with John Walker's announcement today [fourmilab.ch] that he's Withdrawing Speak Freely [slashdot.org] due to the takeover of NAT.


    Walker sees NAT as encroaching oppression by the "powers that be", whereas Garfinkel seems to take the "powers that be" point of view! Simson how you've changed!


    In fact, Walker is skeptical that even IPv6 could promote "consumers" back to "peers":


    First of all, any bets on when IPv6 will actually be implemented end-to-end for a substantial percentage of individual Internet users? And even if it were, don't bet on NAT going away. Certainly it will change, but once the powers that be have demoted Internet users from peers to consumers, I don't think they're likely to turn around and re-empower them just because the address space is now big enough.


    • Walker sees NAT as encroaching oppression by the "powers that be", whereas Garfinkel seems to take the "powers that be" point of view!

      Seems to me that they are saying much the same thing. Walker [fourmilab.ch]:

      There are powerful forces, including government, large media organisations, and music publishers who think this situation is just fine. In essence, every time a user--they

      love the word "consumer"--goes behind a NAT box, a site which was formerly a peer to their own sites goes dark, no longer accessible to

  • When to drop IPv4 (Score:4, Insightful)

    by rcw-home ( 122017 ) on Sunday January 11, 2004 @07:26PM (#7948006)
    From the article:

    One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.

    I think that admins will find themselves not bothering with IPv4 for individual things at their site when they find themselves out of IPv4 addresses for less-critical things.

    For example, pretend it's 2008 and IPv6 is commonplace. You have a IPv4 /28 from your provider. You also have an IPv6 /48. The /28 has been fully allocated since 2006. Your www.yourcompany.com server will have an ordinary A record pointing IPv4 users at it for a long time yet, but what's your plan to let people on the outside get to your [insert-not-entirely-mission-critical-thingy-here] server (that happens to work with IPv6)?

    It's an even easier decision if you, as a home user, get a single static IPv4 address for your DSL line as well as an IPv6 /48.

    • by LostCluster ( 625375 ) * on Sunday January 11, 2004 @07:33PM (#7948064)
      Unless IPv4 is "unplugged", there's no hard reason for the end user to switch to IPv6. Right now, everything in my house that wants an IP address can have a 10.x.x.x address behind my NAT, and those that need to have a dedicated port can have their port forwarded at the router.

      Nobody's going to run out of IPv4 addresses if they can set up a NAT, which is why IPv6 is waiting to jump in during a crisis that just isn't coming.
      • by spongman ( 182339 ) on Sunday January 11, 2004 @09:19PM (#7948737)
        The problem is that forwarding ports on a NAT router is not an easy task for the average home user, especially since router configuration varies wildly between mnufacturers.

        The current solutions to this are:

        • IPv6
        • UPnP
        Fortunately, the two are compatible (since UPnP v2.0), but I see UPnP being deployed more rapidly than IPv6 in the future.
  • Hurmph (Score:5, Interesting)

    by fazil ( 62946 ) on Sunday January 11, 2004 @07:30PM (#7948030) Homepage
    "It will be the biggest, the most drastic, and the most comprehensive change to the underlying structure of the Internet in more than 20 years. "

    I'd love that thought applied to space.. It's so confusing, and hard to do, we should tuck our tail between our legs and run! This change will happen one router at a time.. correct me if I'm wrong.. but I do believe IPv4 addresses will coexist with IPv6. And lets face it.. for the most part, this will be done my highly experienced techs at the ISPs, and filter down to very experienced end users at business. Dialup and High Speed users could use IPv4 for ages sitting behind their ISP's big gateways.

    "The deployment of IPv6--the sixth version of the Internet Protocol--will be a massive undertaking that will require the reconfiguration of more than 100 million computers."

    It's not like this will happen over night.. and one day all the end users (hi mom) will have to become IPv6 Gurus. Once again, we're back to.. It's hard.. lets run away.

    "But when the IPv6 rollout is finally done, not all the effects will be positive"

    Argh.. this guy bugs me.. He seems to totally forget about the evolution of software.. Of course it'll be slow at the beginning.. then some company like Nortel will put it all into a hightech ASIC chip.. and we'll leave IPv4 in the dust. For each of his arguements.. there's a swell counter arguement, that's never far from reach.

    Faz
  • by juglugs ( 652924 ) on Sunday January 11, 2004 @07:30PM (#7948031) Homepage
    Quote: "Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever."

    I bet they said that when IPv4 was invented.

  • by Quirk ( 36086 ) on Sunday January 11, 2004 @07:30PM (#7948037) Homepage Journal
    "Japan, China and South Korea will jointly develop the next-generation Internet technology IPv6 [taipeitimes.com], aiming to have the global standard for the technology set in Asia, the Nihon Keizai Shimbun reported yesterday.

    US firms now dominate the market for equipment like routers that serve as the infrastructure for the current IPv4-based Internet.

    By working together, the three countries aim to take the lead in developing technologies for a world in which all equipment is connected to the Internet"
  • Lower security?? (Score:4, Insightful)

    by gladmac ( 729908 ) on Sunday January 11, 2004 @07:31PM (#7948049) Homepage
    There is absolutely no security requirement! Security is supposed to be applied in other layers, with SSL and stuff running on top of an assumed unsecure link.

    It would be *nice* if there was better encryption support at low levels, to overall prevent information leaking, but even total lack of such features would mean no step back from IPv4.
  • by isdnip ( 49656 ) on Sunday January 11, 2004 @07:32PM (#7948053)
    Simson's right in denying IPv6's short-term inevitability, but he's still being too easy on it! IPv6 is just plain dumb. He should say it.

    IPv6 creates much larger headers, so there's more overhead, particularly, as a percentage, on short packets (voice, ACK's, etc.). So it'll waste bandwidth, or lower effective throughput on fixed bandwidths. We need this? It is not even using its 128 bits efficiently. The general approach is to use the top half to identify the network and the bottom half to include the 48-bit MAC address of the computer. That was a clever hack in 1985 when proposed for DECnet Phase V (which never caught on) and became an approach in OSI CLNP. But that was not for a public spammer-ridden insecure Internet. Now it is a security and privacy hole to do that. It also means the 128 bits are not used efficiently -- we are tight with 32 bits, but an address for every atom?

    IPv6 also does nothing for QoS (ignore the hype, which is based on a misunderstanding) and nothing for security (IPsec works just fine with v4). It just wastes bandwidth. So it does something for, oh, MCI. No wonder Vint (the Chauncey Gardner of the Internet) likes it! And Sprint, AT&T and VeriZontal. Great.

    IPv4 could use a decent replacement some day, but IPv6 is everything you don't like about v4, and more. Eccch. A dozen years since it was "adopted" and it's gone nowhere, for good reason. The Asians weren't so involved with IETF at the time, to know the messy politics behind it. And btw the whole thing about their not having addresses is false; there is plenty of space left in the IPv4 space waiting to be allocated where needed. China can have more, as they provide more and more spam relays for the h3rb@1-v14gr4 crowd.
    • Typical (Score:3, Insightful)

      by Mark_MF-WN ( 678030 )

      Ever wonder why only Americans complain about IPv4?

      Isn't funny how Asian nations, which you ignorantly claim have so many IPv4 addresses available, are the principal backers of IPv6 right now?

      Don't feel bad -- most people are incapable of believing in any problem that doesn't affect them personally.

    • That's all well and good, but how many people will get your Chauncey Gardner reference? How many slashdotters even know who Peter Sellers was?

      How come I can't get no Tang 'round here?
    • by X ( 1235 ) <x@xman.org> on Sunday January 11, 2004 @11:48PM (#7949681) Homepage Journal
      IPv6 creates much larger headers, so there's more overhead, particularly, as a percentage, on short packets (voice, ACK's, etc.). So it'll waste bandwidth, or lower effective throughput on fixed bandwidths.

      Just some sanity checking here: IPv6 headers are only 2x the size of IPv4 headers. Folks with truly constrained bandwidth (like dialup users) can do what they do now: compress the headers (which btw, should be easier to do with IPv6). Anyway, given how much dark fiber is out there right now and how network technology continues to improve bandwidth at a pace that makes Moore's law seem kind of conservative, I think we can afford to make our headers 2x as large, particularly if it allows our routing tables to be smaller and our routing to be more efficient in general. In our current scheme, IPv4 throws away a lot of performance that IPv6 gets us back. The assumption that IPv6 is going to kill performance is rediculous.
  • *NEED* (Score:3, Insightful)

    by fazil ( 62946 ) on Sunday January 11, 2004 @07:34PM (#7948067) Homepage
    Typical American Ethno-Centric viewpoint.

    We'll *HAVE* to move to IPv6 when the third world finally gets connected! China 1+ billion people.. India 1+ billion people.. it starts to add up!

    Americans.. a whole world exists outside of your borders you know.
  • by Anonymous Coward on Sunday January 11, 2004 @07:37PM (#7948091)
    Actually, many backbones have switched to IPv6 because ROUTING is FASTER on IPv6 than IPv4.
    On this simple fact I assume that the author of this article just don't know what he is talking about. As for security and as for NAT (which is less secure than he even thinks it is, as a protection).

    IPv4 has seen many, many security issues in the *recent* past btw (ISN Prediction anyone ? Spoof with any ip)

    He also forgot that there are tunnels from ipv4 to ipv6 and from ipv6 to ipv4, effectivly adding compatibility. If someone is stuck with ipv4 somewhere on the globe, np, he setup a tunnel to ipv6 and none is stuck. Damn FUD, I say.

    refs:

    IPv6 FAQ [iij.ad.jp]

    Routing [66.102.7.104]

    (IPv6 has less headers => faster routing

    (Better QoS => more efficient network

    (etc.)
  • by no_choice ( 558243 ) on Sunday January 11, 2004 @07:43PM (#7948128)

    Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.

    I have no strong opinions on the technical merits of IPv6 but I want to address the above statement, and the (IMHO) wrongheaded mentality behind it.

    Why should the fact that these monopolistic groups oppose new, useful technologies, lead anyone to the conclusion that those technologies should be abandoned? Shouldn't we rather abolish the MPAA and RIAA?

    When the light bulb was invented, did anyone argue we should abandon it because the candlestick industry would oppose it?

    The truth is that new digital technologies are making "content" businesses like those represented by the *AA's obsolete. There is no benefit to society to engage in costly, counterproductive and futile "wars" against P2P and other useful new technologies in the name of enforcing "intelectual property" laws created in a different era that now benefit only special interests and not the public interest.

    • There is no wrongheaded mentality in the statement you quoted. He did not "conclude" that the technology "should be abandoned", he merely stated what the RIAA/MPAA likely reaction to it would be.
  • 5? (Score:5, Funny)

    by ArsonPanda ( 647069 ) on Sunday January 11, 2004 @07:54PM (#7948198)
    Everyone seems to be switching from Linux 2.4.x to 2.6.x
    Now we're going from IPv4 to IPv6

    What the fuck do you people have against the number 5?
  • by Junta ( 36770 ) on Sunday January 11, 2004 @07:56PM (#7948207)
    But still a bit harsh on IPv6....

    As to the notion of never running out of address space 'never, never' as he puts it, I wouldn't be so sure. The 32-bit address space provides 4.2 billion addresses. With that in mind, we are much nearer to exhaustion than current usage would dictate. It is all about the allocation, and if sloppy allocation occurs, the 128-bit address space of IPv6 could be exhausted too. For example, the architecture of current implementations make it so that the smallest subnet anyone will likely allocate are 64-bit networks, and use MAC addresses (or something else, but still 64-bit, because it's easy), so immediately you take the address space down tremendously. Still should be well more than enough for everyone on earth to have a /64 network, but it has yet to be seen whether certain organizations might, for the hell of it, get allocated /8 networks because they can. As near as I can tell, the high 16 bits seem to be somewhat protected, but you never know what will happen. If there is a grab for /8 networks among big players, you have the same problems that IPv4 has today.

    As to security implications, it is true that implementations will be for the short term future less tested and therefore likely to contain critical flaws, but still IPv6 code is receiving a fair amount of testing, and critical flaws will not be quite so devastating as you may think, no more than an Apache, Linux Kernel, or MS security exposure, which we have seen all of in fairly recent history without the sky falling.... Of course the wrinkle in this is a lot of the 'home router' concepts that happen to protect common home systems will cease to provide that protection. They provide NAT features, therefore masking to an extent the system behind the device. Despite what the author says about NAT being bad because it doesn't protect against things like browser exploits and physical intruders, NAT is on the level of firewalling in terms of protection. Any reasonable network security person will realize that browser exploits, email worms, and physical intrusion must always be kept in mind, and it has nothing to do with NAT or firewalling. NAT remains effective at, for example, fending off web server and rpc attacks from unsuspecting or experimenting workstations. If NAT goes away (hopefully), people need to be mindful of good old firewalling strategies. Implementations are maturing (experimental ip6tables implementation, for example, is approaching closely the ipv4 iptables featureset). If cable/dsl 'routers' revert to hubs in a wealth of addressing, I expect either cable/dsl 'firewall' devices or increased ISP vigilance to deal with the more widespread system exposure.

    All that said, I like IPv6 (my desktop, gateway, and laptops are using IPv6 and each have public IPv6 addresses, keep NAT on IPv4 on some systems), but I (and everyone else) has been waiting and watching a long long time and no encouraging migrations are yet to be seen, and I doubt the near future will bring any incentive to push such a change.
  • Broadband ISPs (Score:4, Interesting)

    by chiph ( 523845 ) on Sunday January 11, 2004 @08:18PM (#7948349)
    Anyone know what the adoption rate of IPv6 is for the major broadband ISPs? TimeWarner/Comcast, etc?

    What with Win95 being EOL'd, a fair number of them will be upgrading to Windows XP (or Linux, OK?) with it's built-in support. Maybe the best approach would be from the bottom up?

    Chip H.
  • Add, not migrate! (Score:3, Insightful)

    by oddityfds ( 138457 ) on Sunday January 11, 2004 @08:21PM (#7948372)
    A lot of comments seems to be about the problem of migrating. People seems to worry about protocols and applications breaking when they migrate to IPv6.

    Well, you know what? You don't move to IPv6! You add IPv6. You can still keep your IPv4 connection. Then you can start adding IPv6 support to each protocol and application, one at a time. You can and will still be fully IPv4 compatible. You'll just allow yourself to use IPv6-only services and make it possible for you to set up new new IPv6-only services even though you've run out of IPv4 addresses.

  • Do we need IPv6 ? (Score:4, Interesting)

    by zeux ( 129034 ) * on Sunday January 11, 2004 @08:22PM (#7948377)
    I'm not sure at all.

    The IPv4 addresses are inefficiently distributed. MIT for instance has 16.7 millions of them. IBM too.

    Entire classes of addresses are reserved for things we don't REALLY use like multicast and so on.

    Plus we now have NAT and CIDR that help save some addresses.

    I bet we could use IPv4 for 20 more years. IPv6 is to complex, bulky and inefficient.

    I studied it and the fact that MAC addresses are in it blows me away.

    Aren't the IP addresses a logical layer that prevents problems when you change a NIC ? If each time you change your NIC you have to change you address I foresee lots of trouble here.

    And 128 bits addresses, okay, but entire classes are already wasted (multicast, network IDs, etc) and in the long term we could run into the same problems !

    Anyway its too expensive and slow for the moment. Nobody wants to pay 1 million dollars for the last Cisco router with IPv6 where the one we bought last year for another million is working just fine.

    Why not just add an extension to IPv4 if we really need these addresses ? I know it has a lot of flaws but hey, why change EVERYTHING ?
    • Re:Do we need IPv6 ? (Score:3, Interesting)

      by Detritus ( 11846 )
      Entire classes of addresses are reserved for things we don't REALLY use like multicast and so on.

      You don't use multicast. There are large organizations that use it for transferring huge quantities of data across the globe.

  • by femto ( 459605 ) on Sunday January 11, 2004 @08:26PM (#7948406) Homepage
    >There are so many IPv6 addresses that humanity will never run out of them--never, ever.

    Is this like: "I think there is a world market for maybe five computers."?

    What *if* molecular nanotechnoloy takes off? Humanity then decides to build a large space based object, which will be built by a massive number of 'replicators', each working within a 100nm per side cube. (Raw material will come from a passing asteroid.) It is decided that each replicator is to be individually addressable. The number of IP addresses required is then (<linear size>^3)/((100nm)^3). 2^128 addresses will be required to build a 700km cube.

    Sure this far fetched, and there are lots of other technologies which need to be invented before something like this can happen, but lots of today's things were far fetched in recent history.

  • by b0lt ( 729408 ) on Sunday January 11, 2004 @08:45PM (#7948543)
    IIRC, MIT has a class B IP range, meaning it has 255^3, or 16,581,375 IP addresses. while China and South Korea--with a combined population of more than 1.3 billion--have been allocated 38.5 million and 23.6 million respectively. Does that sound unfair to anyone? MIT having 6139 students, plus faculty and staff, compared to China having over 1 billion people. China as a whole barely has over twice what MIT has in IP allocation, while having 160,000 times more people. I believe this is a biased, pointless article, written by a moron who does not realize the enormity of what he's saying. Many Asian countries are literally running out of IP addresses, and he's complaining about "lack of security", and thinks that no routers support IPv6 (Pretty much ALL Cisco routers support IPv6 flawlessly.) This man does not know what he's talking about.
  • by Doc Ruby ( 173196 ) on Sunday January 11, 2004 @08:55PM (#7948592) Homepage Journal
    There's so much wrong with Garfinkel's "review" of IPv6 that I won't be reading his security books. Meanwhile, at the SpeakFreely RIP [fourmilab.ch] (repost) thread, the NAT bashers get poked pretty hard [slashdot.org].
  • by Scott Robinson ( 108176 ) on Sunday January 11, 2004 @09:14PM (#7948712) Homepage

    I went through the entire current posted responses, and I'm suprised people missed mistakes that - in the words of my girlfriend - must mean that the author was simply having a bad day and couldn't be writing this as a serious article.

    The most important thing that IPv6 does is quadruple the size of the Internet address field from 32 bits to 128 bits.

    Quadruple? 2^32 * 2 != 2^128. In fact, there is a very distinct difference. I would hope a writer for the M.I.T. Tech Review would know the difference.

    One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.

    This is so horribly backwards, he must be joking. One of the points of IPv6 is that IPv4 can be routed within and through it. (visa-versa too, but let's assume we're taking about an all v6 net) The real worry would be when someone created a v6 only site that some v4 person wouldn't be able to address.

    Ugh. I think IPv6 upgrade path will be similar to analog and digital cell phones. They're still able to route to each other, and the improved features and quality of connections have caused people to leave older analog phones. The older phones still have better coverage; but, the newer phones are still able to switch to analog mode if necessary.

    Problems with a v6 peer not being accessible to a v4 peer aren't too worrying to me. The same technologies enabling Akamai and NAT will almost certainly solve that.

    One obvious solution is an automated DNS -> TCP/IP forwarding service:

    1. Your v4 peer performs a lookup for a v6 address it cannot access.
    2. The DNS server notes your IP and responds with a forwarding v4->v6 peer.
    3. The DNS server instructs the fowarding peer of the v6 adderess you're attempting to access.
    4. When you contact the v4->v6 peer, it performs NAT to the v6 peer.

    Amy is cute.

  • Meh. (Score:3, Insightful)

    by tomstdenis ( 446163 ) <tomstdenis.gmail@com> on Sunday January 11, 2004 @09:23PM (#7948754) Homepage
    I still think re-working the way people think about IP addresses will solve more problems.

    E.g. You're toaster doesn't really need a public IP does it? [or your cell phone for that matter].

    Good use of NAT can solve all of these problems...

    There is no reason why certain companies/schools have millions of addresses each. Plain and simple.

    Tom
  • by bgarrett ( 6193 ) <[garrett] [at] [memesis.org]> on Sunday January 11, 2004 @09:42PM (#7948862) Homepage
    New software contains new bugs. Hardware upgrades are expensive. NAT is not a magic bullet.

    Does this man write a regular column called "The Obvious"? He should.
  • Comment removed (Score:3, Informative)

    by account_deleted ( 4530225 ) on Monday January 12, 2004 @01:35AM (#7950180)
    Comment removed based on user account deletion
  • by Jugalator ( 259273 ) on Monday January 12, 2004 @02:44AM (#7950416) Journal
    He is fairly aggressive at attacking IPv6, and even contradicts himself in his fury against the protocol...

    all IPv6 code is untested and therefore insecure

    Yes, if you don't count university networks that has been using 6bone for several years now. Read up a bit on 6bone, and you'll see that the primary purpose of it is to function as a testbed for IPv6. But of course, computer scientists aren't really able to find and fix problems in the protocol.

    IPv6 makes encourages 'peer-to-peer based copyright violation systems

    I won't even comment on this...

    Deploying IPv6 means that every application that uses Internet addresses needs to be changed.

    However, isn't IPv6 designed to be backwards compatible? I.e. have a separate address space that emulates IPv4? So there isn't an urgent need to switch *now* when it starts getting used? Using the IPv6 stack should not mean an unability to talk with IPv4 clients.

    Today, most routers come equipped with special-purpose integrated circuits that can route IPv4 packets very quickly. But because there is no demand for it, those routers don't have similar hardware that can route V6 in hardware

    I'll just let him contradict himself:

    "The code that lets computers talk on an IPv6-enabled network is now built into the current versions of Windows XP, MacOS, Linux, and many forms of Unix. Every router made by Cisco comes ready to run IPv6. So does every Nokia mobile phone. The whole world is getting dressed up for the IPv6 party."

    If they're already implementing software support for IPv6 before it's even starting to get used, doesn't he think this is a sign that the manufacturers are dedicated to bring hardware IPv6 support once it gets even more widely used? If not, he needs to explain why.

    He complains about upgrade costs too, which seems to be a concept never heard or experienced by him before, as he seem to be in shock while discussing it.

    But what IPv6 boosters won't tell you, unless you press them, is that every new IPv6 nameserver, Web server, Web browser, and so on has new code--code in which security problems may lurk.

    True, updated software might get new bugs if they aren't tested properly. What's new? This risk is taken daily by adopters of upgraded or new software.
  • by john_uy ( 187459 ) on Monday January 12, 2004 @10:25AM (#7952311)
    there are lots of other advantages of ipv6 compared to ipv4:

    routing - different rirs have now created policies that will make routing much efficient. it will be hierarchal so routing tables will much smaller (thus faster routing.)
    headers - the ipv6 headers has been optimized compared to ipv4, data transmitted includes qos (standard)
    multicast - no more broadcast. we don't have to worry about too much data storms in our network (better bandwidth utilization.)
    autoconfig - ipv6 provides for automatic configuration of ip addresses. this will make transition much easier since most devices can be made ipv6 ready and activated and it will automatically configure itself and run on ipv6.
    tunneling - you can do endless tunneling to seamlessly support ipv4 and ipv6 networks together. you can easily put an ipv6 backbone with ipv4 clients running (with all translation under the fe80 range.)
    addressing - clear policies has been made with regards to addressing (and routing as well) to prevent problems that have plagued existing ipv4 networks. the division of the /128 into multiple subbits (like /4) helps in the logical arrangement in the address.

    maybe since mit has 16.7million ip addresses, they are afraid of ipv6. based on existing policies agreed upon by rirs (arin, apnic, ripe), you will be allocated a /48 (65535 subnets) if you are able to utilize 200 subnets within 2 years. by default (i don't know how they run their network - if it is efficient or they just subnet their network and waste all the ip address) they may have a hard time getting allocation from arin. they might need to get the suballocation from a provider (since it is hierarchal) so that's why they are opposed to the idea.

    even if they do not switch to ipv6 (i hope they will be the last one.) the entire world will be running in ipv6. here in asia, it is much harder to get ipv4 addresses. so we are already experimenting with ipv6 (and readying for production grade native ipv6 networks with full peering and routing - we have purchased ipv6 routers in preparation for a full ipv6 backbone with ipv4 tunneled instead.)

    software is increasing its support with ipv6. windows xp already has support (not so savvy end users can now start benefiting from ipv6.) linux and apps already has support. most network equipment now supports ipv6. heck my mobile phone can access an ipv6 network natively!

    final words. go ipv6! it's about time. (and note to all admins, experiment with ipv6 and you'll see.)

    p.s. slashdot was inaccessible for a few minutes before i posted this content

As the trials of life continue to take their toll, remember that there is always a future in Computer Maintenance. -- National Lampoon, "Deteriorata"

Working...