The Internet

How Feds are Dropping the Ball on IPv6 299

BobB-NW writes "U.S. federal agencies have six months to meet a deadline to support IPv6, an upgrade to the Internet's main communications protocol known as IPv4. But most agencies are not grabbing hold of the new technology and running with it, industry observers say. Instead, most federal CIOs are doing the bare minimum required by law to meet the IPv6 mandate, and they aren't planning to use the new network protocol for the foreseeable future."
This discussion has been archived. No new comments can be posted.

  • As things go ... (Score:5, Interesting)

    by foobsr ( 693224 ) on Monday December 17, 2007 @11:20AM (#21725978) Homepage Journal
    Regional registry IPv4 address exhaustion in... 1442 Days, 07 Hours, 42 Minutes, 42 Seconds. (http://penrose.uk6x.com/)

    So there is plenty of time for someone to wake up, wanting it yesterday.

    CC.
    • Re: (Score:2, Insightful)

      by rubycodez ( 864176 )
      plenty of unused space can be reclaimed from horribly overbooked holders, it's five years or more, back to sleep everyone, we don't need ip6 this decade, and people that want to play can tunnel.
      • But I want my own personal /24 block now. :(

        It's bloody useful. No need to skimp on IPs with it.
      • Re: (Score:3, Interesting)

        by anticypher ( 48312 )
        plenty of unused space can be reclaimed from horribly overbooked holders

        The last of the freely available /8's will be allocated from IANA/ICANN to the RIRs in May 2010. It will take approximately 9-15 months for those freely available addresses to be allocated to end users. After that point, all new allocations will come from reclaimed space.

        If all the unused/unannounced/reserved /8 blocks were to be reclaimed without any difficulties, like law suits, it would extend the allocation pool by a maximum of 23 mon
        • Re: (Score:3, Insightful)

          by afidel ( 530433 )
          They just need to reallocate some blocks, MIT [mit.edu] has a Class A, 4 Class B's and a host of Class C's. That's enough to get most countries online. HP has TWO class A's thanks to the consumption of Compaq/DEC, hams have a class A as does Xerox and Halliburton. Combined that makes for 100+ million additional IPs to become available if a couple large organizations simply re-ip. Now I know a large scale re-ip can be painful, but they have years to do it if they start now.
          • Re:As things go ... (Score:4, Interesting)

            by anticypher ( 48312 ) <anticypherNO@SPAMgmail.com> on Monday December 17, 2007 @03:16PM (#21729968) Homepage
            Current allocation rate of IPv4 addresses worldwide is the equivalent of one /8 every 4.5 weeks, and accelerating. Last year the rate was one /8 every 5.5 to 6 weeks. Calculations of May 2010 are assuming that the rate doesn't accelerate any more.

            When I said ALL big blocks being reclaimed into the available pool, that included all the remaining /8 allocations, including HP's 2x /8, MIT's /8, and all the others. Even with reclaiming all those /8s, it will extend the pool by 23 months at most.

            The block allocated for Amateur radio operations was reclaimed a couple years ago, as well as the ones for Interop and other early networking groups. Those allocations are either already gone or back in the free pool.

            HP has already announced plans to rent their addresses to customers who buy their big servers with a maintenance/service plan, and put the servers in partner data centres. So, in a few years, all those companies who want to get on the internet and can't wait a year or more for their allocation request to be fulfilled, they can throw a lot of money at HP and be up and running much faster. At least, that's what HP is counting on. If you think HP is going to willingly return any of their allocations when they can make US$10/month per IP address, you must be smoking some strong belly lint.

            the AC
    • by Cally ( 10873 )
      Of course, pointy-haired-bosses are going to start reading about the inevitable IPv4 address-space exhaustion in in-flight magazines a couple of years before this date (which is 2011 IIRC) and will be banging on your door demanding to know what you're going to do about it well before. You want IP6 experience on your CV a long time before that happens.
    • by Glowing Fish ( 155236 ) on Monday December 17, 2007 @11:31AM (#21726076) Homepage
      But before that happens, we are going to hit peak oil anyway, and people will be too busy killing their neighbors with their bare fingernails to steal his tree bark to eat to worry about the fact that everyone in the family's laptops, palmtops and wired household appliances can't have their own IP addresses.
      • Meh, hide all your household appliances behind a gateway!! *shakes fist* And keep your hands off my trees you long fingernailed hippy! You can chew on these damned polar bears that keep migrating here to get away from all that global warming, since it's so frackin freezing here right now..
    • by Howitzer86 ( 964585 ) on Monday December 17, 2007 @11:39AM (#21726162)
      So 2012 then?
      • Re: (Score:3, Funny)

        by Kjella ( 173770 )
        Yep. That's when the IP counter will overflow, the Internet will segfault and kill itself. On reboot it'll ask for the root password but since Al Gore lost it, we just have to scrap everything and start over from scratch.
    • Re: (Score:3, Insightful)

      by Tony Hoyle ( 11698 )
      The problem with that site is it's counting down... in the last few years more address space has been released than claimed, so it should be static or counting up.

      ipv6 has been needed 'real soon now' for 20 years. Yes we'll need it eventually, but it's so far from commercial deployment that it's just not an option - most infrastructure simply doesn't support it (in fact trying to run ipv6 over active directory will utterly screw it up because of the conflict between xp supporting ipv6 ad clients and 2003 n
      • by pyite ( 140350 )
        but it's so far from commercial deployment that it's just not an option - most infrastructure simply doesn't support it

        I guess that depends on your definition of "most." It's been in Solaris since Solaris 8. It's been in Linux since 2.2. Cisco supports it as does Juniper. Right there you capture most of the Internet server market and underlying infrastructure. As for Microsoft, if they can't get their act together, you can run IPv4 pools translated to IPv6 without an issue. So really, it is an option and it
        • Cisco 'supports' it provided you upgrade IOS and have the right contract, and anyone who's ever run that knows you never upgrade it short of someone putting a gun to your head - too much stuff breaks.

          Looking around me I see a VOIP phone (ipv4 only), printer (ipv4 only), wireless router (ipv4 only), server (HP, ipv4 only, support contract does not allow OS reconfiguration), the cisco router which actually does ipv6 and this laptop.

          So I could enable ipv6 between two devices. Except the leased line doesn't su
    • Re: (Score:3, Insightful)

      by iamacat ( 583406 )
      That's nothing! Regional registry 10 digit phone number exhaustion in... -20 years. These days big companies can not just get a /5 phone number suffix to use for themselves. They are instead forced to hide behind NATed PBX exchanges and ask people to reach individual employees by dialing an additional 4 digit port number. This has ruined American business, but that's nothing compared to draconian restrictions on families who are not able to get separate external phone numbers for every TV, settop box, toi
    • Weren't they saying that IPv4 addresses would be exhausted in four years, four years ago? I would like to introduce Citizen of Earth's Law:

      The IPv4 address space will always be exhausted four years from the present time.

  • by yagu ( 721525 ) * <<moc.liamg> <ta> <ugayay>> on Monday December 17, 2007 @11:22AM (#21725992) Journal

    I don't blame anyone, even government in this case, for avoiding the hassle of getting everything converted to IPv6. Maybe eventually we all will have to be there, but there always seems to be workarounds that work for everyone, minimal hassle, minimal pain.

    If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs just to get to the next street for your coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories high, and the block to walk around were 600 ft each side, it might be a different choice.

    An interesting aside, meeting the mandate only requires they are IPv6 capable, not running it. This is the same height bar the government set for Microsoft in the early nineties when Microsoft delivered the DOA POSIX-compliant (never to be really used) NT. NT, with its barely implemented POSIX subsystem (only implemented the library portion, btw, not the user interface) got to put a check in the POSIX checkbox for government contracts.

    Lesson to be learned? If you want to make an effective mandate, make it a mandate for implementation, not capability.

    The government:

    • couldn't do metric
    • couldn't do POSIX
    • isn't doing IPv6
    • by Midnight Thunder ( 17205 ) on Monday December 17, 2007 @11:34AM (#21726100) Homepage Journal
      IPv6 isn't that complicated to set up, especially since most recent desktops support IPv6 out of the box, though that doesn't mean that there aren't a few hurdles, including:
          - Upgrading routers, firewalls et al to support IPv6.
          - Some application software still not being fully IPv6 ready.
          - A large number of sites still don't have IPv6 DNS addresses

      I think the problem, like many government proposals, is not the recommendation, but the lack of research guidelines or instructions on how to make the infrastructure IPv6 compliant or what it means to be IPv6 compliant. For example, is simply having a 6to4 gateway considered IPv6 compliance?

      All this said and done, has anyone here on /. actually upgraded a network to be IPv6 compliant, and what can you tell us about real world experience?
      • "All this said and done, has anyone here on /. actually upgraded a network to be IPv6 compliant and what can you tell us about real world experience."

        Apple uses IPv6 for Bonjour...printer sharing, etc. Been that way for some time. China & Europe have large networks in action as well.
      • Re: (Score:2, Insightful)

        by TechHawk ( 570290 )
        IPv6 isn't that complicated to set up, especially since most recent desktops support IPv6 out of the box

        You're assuming that

        1: They are using "recent desktops"

        2: The image that they are loading onto the desktop will support IPv6

        Neither of those assumptions is anything resembling a "sure bet".

        I'd bet on the Dolphins beating the Patriots next weekend before I'd bet on the above.
      • I think the problem, like many government proposals is not the recommendation, but the lack of research guidelines or instructions on how to make the infrastructure IPv6 compliant or what it means to be IPv6 compliant.
        My guess is that there was a lack of money to make this happen.

        The Mandate probably didn't come with any funding attached to it and it gives the Agencies a cheap way out... what do you think they're going to do?
      • by jd ( 1658 )
        Yes, it took me a few months, running 2.4.20 and the IPv6 patches, back in 1996. Since then, the software has improved, support in applications is so much better, and many grey areas have been cleaned up. It would probably take a few days to migrate a network of reasonable size today. Maybe a week at most.

        (By comparison, it took about 1.5 years for the US Navy to switch from one e-mail system to a more secure alternative, due to reliability issues, security problems and brain-dead contracting.)

      • A question for those who know:
            - Upgrading an IPv4 CISCO network device, such as router, gateway or firewall, is this: 100% software, hardware upgrade and does CISCO charge you for the pleasure?
            - Other than Apple Airport Extreme, are there any IPv6 ready ADSL/Cable routers?
        • - Upgrading an IPv4 CISCO network device, such as router, gateway or firewall, is this: 100% software, hardware upgrade and does CISCO charge you for the pleasure?


          Well it depends on the device.. you'd need a recent IOS if your image doesn't support it.

          Presumably you have a support contract on the device so you can download it directly.. of course there's the whole QA, Testing thing you have to do before deployment. It's not a 5 minute job.

          Cisco's ipv6 firewall is actually quite passable, but you can
      • Re: (Score:3, Interesting)

        by CastrTroy ( 595695 )
        You would be surprised how many applications don't support IPv6. And how hard it would be to upgrade these applications. Most organizations, government or private, are filled with tons of custom software which was developed many years ago. Many of the applications are an every day part of doing business. A large percentage of these applications probably don't even have source code available to the company, and if they do, the people who originally worked on it have long since moved on. It may just be a s
      • by Sycraft-fu ( 314770 ) on Monday December 17, 2007 @12:10PM (#21726564)
        That is the reason why we don't do IPv6 where I work (university). A lot of people think it is easier, and more importantly cheaper, than it really is because they've worked on small networks, or have been at a place that did IPv6 wrong.

        What happens on a large, high speed, network is that your routers rely on hardware acceleration to be able to pass traffic as quickly as you want, while still implementing all the rules you want. What that means is there are ASICs of various kinds that can handle various kinds of traffic. On older hardware (and some newer too), these are for IPv4. So anything else has to be handled by the router's CPU, which really isn't very powerful.

        So, what that means is that you can technically support IPv6 by just turning it on, but only if you are willing to do it poorly. If we enabled it on all the routers, we would effectively support IPv6 internally. Great, and initially everything would work fine. However if any significant number of people actually decided to use it, network performance issues would come up in a hurry.

        To really support it we have to buy new routers that support IPv6 in hardware. This could be done, but it would be expensive. Last time it was looked at the price tag was over $5 million. As you can probably guess, the university wasn't that interested in spending money like that for what was perceived to be no gain at all.

        So while in a smaller network, where there's only an edge router and it isn't very high speed, yes IPv6 can be as simple as some software updates and turning it on for all devices. However when you have a larger, higher performance, network, you often need new hardware. That's a lot of money, and it is hard to justify that being spent for no real gain.
      • by Tony Hoyle ( 11698 ) <tmh@nodomain.org> on Monday December 17, 2007 @12:11PM (#21726572) Homepage
        IPv6 isn't that complicated to set up

        Yes it is.

        Desktops are only the start.
        Your servers need it (no ipv6 AD support).
        No ipv6 network printer support.
        No ipv6 VOIP support.
        Poor to nonexistent ipv6 router support, and of those that do most of them don't support firewalling it.
        Poor to nonexistent connectivity. Try asking the average ISP for an ipv6 address and they'll just look at you funny. It's not just consumer ISPs either - this business park I'm in at the moment has *no idea* what ipv6 is and has no timescale to look at it either.

        Then there's the bits and pieces.. Does Blackberry support ipv6? I know iphone doesn't, and Symbian's implementation is broken (relies on a dhcpv6 server and even then seems to need some kind of proprietary extension to that).
      • by Russ Nelson ( 33911 ) <slashdot@russnelson.com> on Monday December 17, 2007 @12:44PM (#21727134) Homepage
        - A large number of sites still don't have IPv6 DNS addresses
        That's the biggest problem. Until I can reach every server with IPv6, I'll still need IPv4. Since I need IPv4, why should I bother with IPv6?
      • by anticypher ( 48312 ) <anticypherNO@SPAMgmail.com> on Monday December 17, 2007 @01:51PM (#21728140) Homepage
        has anyone here on /. actually upgraded a network to be IPv6 compliant and what can you tell us about real world experience.

        I've done it. And now that I have a couple of posts in this thread banging the drum FOR IPv6 and correcting serious misconceptions, I'll use this thread to trash IPv6 :-)

        On most networking equipment, turning on IPv6 is no more complex than a global "ipv6 routing" and setting the address on interfaces just like you do for IPv4. I'll use a pseudo-cisco example:
        interface Gig0/0
        ip address 223.123.40.1 255.255.224.0
        ipv6 address 2001:1a1:98b5:1::1/64

        After that, most modern OSes on that segment will recognize the router announcements, autoconfigure, and start using IPv6. That's the easy part.

        All routers and switches introduced to the market in the last two or so years seem to support v6 traffic, in VLSI hardware for the higher end kit. In fact, I haven't seen one new product announcement in at least two years that didn't have wire speed IPv6, no more passing unknown packets to CPU. But new kit is only put in slowly, and old kit has a useful lifespan of around a decade. Try passing IPv6 traffic on an older layer2 switch over a dedicated vlan, and many older switches can't deal with production traffic levels.

        Once you start climbing the protocol stack you run into more problems.

        With the sole exception of OpenBSD's pf firewall, there isn't a firewall out there that does IPv6 fully. Many firewall manufacturers will announce IPv6 support, but all that means is they have a rule for detecting IPv6 packets and either dropping them or passing them. They can't filter on address ranges or higher level protocols. One big manufacturer of firewalls now claims they support IPv6 because although their equipment doesn't yet support it, their tech support will take feature requests. Network security software (types like nmap) have little to no support, mostly because the authors have no real world examples to code around.

        Services vary in their v6 support. Bind is fantastic. Apache kind of supports it, but many modules in Apache2 choke when it's turned on. The web programming languages are all a mess in their support; perl, PHP, java, python and the rest are a complete gamble, and even when support is mostly there, bugs crop up all over the place. The databases used behind many websites, such as MySQL and Postgres have spotty support, and if you don't go back and clean up your database code, they'll return all kinds of shit if the webserver starts passing in IPv6 addresses where someone hardcoded 4 bytes. Some of the freeware/GPLed/opensource projects like ircd and jabberd seem to have full support, and there are very few service daemons that don't at least acknowledge IPv6 existence.

        Up at the application level, all modern browsers will use IPv6 correctly. Many apps written for Apple OSX make use of IPv6 if it's present, the only exception I know of is skype. All my networks, and most of my clients' networks are dual stacked, so I never even notice that all my SSH sessions are over IPv6, as are all my web connections to nagios or cacti machines, our instant messenger traffic and most everything else. At least at the user application level, there have been years of preparation and it shows. On Vista, what little playing around I've done shows almost no application level support except IE7 which works as well as IE7 possibly can.

        Small networking appliance support is almost non-existent. Except for Apple's wireless networking box, there isn't a DSL or cable modem on sale in the west that has support. In China, Korea, Japan and a few other south-east Asian countries, most CPE boxes have IPv6 support, because most ISPs are forced to use it as they can't get enough IPv4 addresses for their end users. Much of the IPv6 web traffic I see outside my own little European island is to sites in the far east, where support is widespread.

        Mandatory IPSec security is a joke, many v6 n
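Added example (not part of the original comment and not the poster's code): a Python illustration of the two application-level problems the comment above names, code that hardcodes 4-byte addresses and filters that cannot match on IPv6 address ranges. The two networks are derived from the comment's pseudo-Cisco interface lines; the `AddressAcl` class, the helper names, the 16-byte column and the sample client addresses are assumptions constructed for illustration.

```python
import ipaddress

# Networks derived from the interface lines in the comment's pseudo-Cisco example.
# ip_interface() accepts the dotted-netmask form and computes the network for us.
LAN_V4 = ipaddress.ip_interface("223.123.40.1/255.255.224.0").network  # 223.123.32.0/19
LAN_V6 = ipaddress.ip_interface("2001:1a1:98b5:1::1/64").network       # 2001:1a1:98b5:1::/64


def canonical(addr_text):
    """Parse an address of either family into one canonical object.

    An IPv4 client accepted on a dual-stack socket is reported as an
    IPv4-mapped IPv6 address (::ffff:a.b.c.d). Unwrap it so the same host
    compares equal whichever listener accepted the connection.
    """
    addr = ipaddress.ip_address(addr_text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def storage_key(addr_text):
    """Fixed-width 16-byte key for a BINARY(16)-style column (hypothetical schema).

    IPv4 is stored in IPv4-mapped form, so no code path assumes 4 bytes.
    """
    addr = canonical(addr_text)
    if addr.version == 4:
        return b"\x00" * 10 + b"\xff\xff" + addr.packed
    return addr.packed


def from_key(key):
    """Inverse of storage_key(); refuses anything that is not exactly 16 bytes."""
    if len(key) != 16:
        raise ValueError("expected a 16-byte address key, got %d bytes" % len(key))
    addr = ipaddress.IPv6Address(key)
    return addr.ipv4_mapped if addr.ipv4_mapped is not None else addr


class AddressAcl:
    """First-match ACL over CIDR ranges of both address families."""

    def __init__(self, rules, default="deny"):
        # rules: list of (action, cidr_text); ip_network() validates each range.
        self.rules = [(action, ipaddress.ip_network(cidr)) for action, cidr in rules]
        self.default = default

    def decide(self, addr_text):
        try:
            addr = canonical(addr_text)
        except ValueError:
            return "deny"  # unparseable input is never allowed through
        for action, net in self.rules:
            # Compare only within one family; canonical() already unwrapped
            # IPv4-mapped addresses, so IPv4 rules still see those clients.
            if addr.version == net.version and addr in net:
                return action
        return self.default


def demo():
    """Run constructed sample client addresses through an allow-list ACL."""
    acl = AddressAcl([("allow", str(LAN_V4)), ("allow", str(LAN_V6))])
    samples = [
        "223.123.40.7",            # IPv4 host inside the /19
        "::ffff:223.123.40.7",     # same host as seen on a dual-stack socket
        "223.123.64.1",            # just outside the /19
        "2001:1a1:98b5:1::abcd",   # IPv6 host inside the /64
        "2001:1a1:98b5:2::1",      # neighbouring /64, not listed
        "not-an-address",          # malformed input
    ]
    return {s: acl.decide(s) for s in samples}


if __name__ == "__main__":
    for client, verdict in demo().items():
        print("%-24s %s" % (client, verdict))
    # Without canonical(), the mapped form does not match the IPv4 rule at all:
    print(ipaddress.ip_address("::ffff:223.123.40.7") in LAN_V4)
```

The last line shows the failure mode: a range check written only for IPv4 silently stops matching once the same client is reported in IPv4-mapped form, which matters most for deny rules with a default of allow.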
    • by Bert64 ( 520050 )
      // If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs // just to get to the next street for your coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories // high, and the block to walk around were 600 ft each side, it might be a different choice.

      I don't know, what is the weather like? What's the crime r
    • If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs just to get to the next street for your coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories high, and the block to walk around were 600 ft each side, it might be a different choice.

      Well, what if somebody told you that if you didn't start doing th

      • Well, what if somebody told you that if you didn't start doing that there'd eventually be no coffee for anybody?

        I'd tell them that firstly a few rich people had hoarded all the coffee and they needed to give it back, and everyone else can just share cups until that happens. Oh and in the worst case the coffee isn't going to run out for 10 years plus anyway.
        • by fm6 ( 162816 )
          There's a lot more to IPv6 than a bigger address space.
          • Not really. It does nothing else that can't be done on ipv4 for a lot less and without spending billions on hardware upgrades.
            • by fm6 ( 162816 )
              Really? How do you do jumbograms on IPv4?
              • You want to send a guy dressed as an elephant to your boss??

                Anyway I digress... jumbo frames have been supported on ipv4 for years.

      • by AJWM ( 19027 )
        Their beans are not particularly high quality, and they roast them too long.

        That's why they roast them too long. One burned coffee bean tastes just like another.

        A classic demonstration of how good marketing and branding can move a worthless product.

        Well, look where Starbucks got started (Seattle). They learned from the masters (a certain software company located in a Seattle suburb).
    • If you wanted a Starbucks coffee, and it was one street down, and someone told you you had to go through the in-between building, climb up and down its twenty flights of stairs just to get to the next street for your coffee, and you knew you could just walk around the building on the sidewalk, what would you do? Now, if the building were only two stories high, and the block to walk around were 600 ft each side, it might be a different choice.

      I don't understand. Could you rephrase that as a car analogy?
  • No real drive (Score:5, Interesting)

    by Marillion ( 33728 ) <ericbardes@nosPAM.gmail.com> on Monday December 17, 2007 @11:27AM (#21726034)
    I also look at the industry as a whole. I don't see any real drive, a critical mass if you will, for getting off of IPv4. My ISP doesn't offer IPv6. My company doesn't use IPv6. It's little wonder that the government is dragging its feet.
    • I expect some mass-market ISP will be the first to make the switch to IPv6. Most of their customers couldn't tell an IP address from a hole in the ground, so it might be the perfect testbed. Particularly if AOL could go on to sell their now free IPv4 allocations.
      • Re: (Score:3, Insightful)

        It's a bad idea, as IPv6 kills NAT and ISPs like COMCRAP will love to make you pay per system that you have on your network.
        • Re: (Score:3, Insightful)

          by grahamsz ( 150076 )
          Is there a technical reason why you can't do NAT over IPv6?

          I can't see any reason it wouldn't work.
          • by gclef ( 96311 )
            There is no technical reason, but there are some *very* strongly-held philosophical ones. Many of the designers of IPv6 felt that NAT is bad (approaching evil), and have steadfastly resisted anything that might resemble NAT in IPv6. Whether the market will overrule them or not remains to be seen.
          • by jd ( 1658 )
            You can. It's the underpinning of NEMO (NEtwork MObility), provided the means by which Telebit routers allowed you to make network segmentation totally invisible to the routing protocol, is fundamental to IPv4/IPv6 mapping, is key to creating private networks, and is built in to the notion of transient addressing schemes. It's one thing if people don't want to use the mechanisms that exist, but it's another to imagine that non-use is the same as non-presence. That's more than a bit unfair.
          • The problem isn't that users need NAT and IPv6 doesn't support it - the problem is that the user's existing NAT box either isn't upgradeable or requires reading instructions that are too complicated for the average user, if the user even kept them around after the first installation. Also, some users have DSL/cable boxes that are routers, and aren't necessarily upgradeable, while others have bridges so they don't care.

            IPv6's designers didn't expect users to need NAT - they're providing a /64 or bigger, so

      • In France, the ISP Free telecom offers the possibility [journaldunet.com] [fr] to migrate to IP V6 already.

    • by Bert64 ( 520050 )
      Very few ISPs offer IPv6, and those that do often don't advertise it because most of the customers wouldn't even understand what it was.

      The ISP I use offers native IPv6 over any connection you can get from them (dsl, dialup, leased line, colo, iptransit etc)... But getting a DSL router that actually supports v6 was a pain, I had to buy a pricey cisco in the end.
    • by jandrese ( 485 )
      Yeah, this has been the major stumbling block for me. Since my ISP does not support it why should I bother trying to switch over? Sure there are 4to6 gateways, but that requires someone else on the other end running another gateway. There are solutions for home users on the internet, but they're mostly designed for people who have static IP addresses (not your average home user). Until ISP support is such that you can flip on the IPv6 switch and have it work (a switch that is on by default in most major
  • They are just making too much money managing the current ipv4 limitations, that's the problem.
  • by jd ( 1658 ) <<moc.oohay> <ta> <kapimi>> on Monday December 17, 2007 @11:36AM (#21726136) Homepage Journal
    ...this is important (beyond the address count issue) for the Feds specifically:

    • IPv6 has better security provisions within the protocol itself, making the usual run of D- through to F- on Federal security audits less likely.
    • The protocol incorporates many of the features back-engineered into IPv4 as standard, producing a cleaner design with fewer compromises and fewer flaws
    • Built-in support for protocol expansion means future updates should have less impact and be adoptable faster
    • Automatic configuration means fewer errors and less maintenance
    • Alignment of entries in the header means potentially greater throughput
    • Skript Kiddies will end up jumping off bridges as they won't know what to do
    • Software contracting firms are located in regions in which elections are due, creating excellent opportunities on both sides of the table
    • by Bert64 ( 520050 )
      Script kiddies have been using IPv6 for years...
      Just look at Efnet or IRCnet, lots of kiddies using ipv6 there.
      From their perspective, larger number of IPs freely available means easier vanity hosts for ircing from, and it makes it a little harder for other kiddies to dos them offline.
    • by jandrese ( 485 ) <kensama@vt.edu> on Monday December 17, 2007 @11:54AM (#21726352) Homepage Journal

      IPv6 has better security provisions within the protocol itself, making the usual run of D- through to F- on Federal security audits less likely.
      This has not been my experience with it. IPv6 is way more complex and poorly understood than IPv4 and as a result it is a lot more likely to have an unexpected security hole when set up by actual human beings than IPv4.
    • by gclef ( 96311 )
      A few comments (as someone who's pretty familiar with both IPv6 and gov't work):

      Grades: I'm almost certain that none of IPv6's security enhancements will help the Agency's grades in the slightest. They're not graded on whether they're hacked or not...they're graded on how well or how badly they're keeping up and managing security. It is entirely possible (and quite probable) that the Feds will still manage security badly, even if they're on IPv6.

      Automatic configuration: no one is going to run stateless au
    • Geez, this list again? Ok, here we go:

      IPv6 has better security provisions within the protocol itself, making the usual run of D- through to F- on Federal security audits less likely.

      No, it doesn't. The IPSec header field in IPv6 works in the exact same way that it does in IPv4. The possible benefit of including it in the spec is that it'd theoretically be easier to have interoperable implementations of IP6Sec. The reason .gov gets a D- or F doesn't have to do with the level of or quality of the encrypti

  • and many would argue that it's not. The IPV6 address space is beyond reasonable, and the onerous idea of tracking every conceivable device right down to bullets fired (look it up) is staggeringly senseless overkill. We still have huge Class B spaces taken up by various hoarders that need to give it up and use some common sense. There are loads of CIDR blocks that need to be used or pushed back into the pools of available IPV4 space.

    Those that do only the minimum to achieve IPV6 addressing are in my perso
    • by jd ( 1658 )
      Addressing is this teeny tiny eenie weenie ittie bittie fragment of the changes involved in IPv6. I wish people would stop going on about it, it's an utterly insignificant component. And even if it were important, addressing is hierarchical by design (provided you use automatic addressing) and the bulk of problems involving it were considered solved by the 6Bone group at the time the protocol went native on the backbone. Routing on IPv6 is far simpler than on IPv4. It's also faster, because routing tables c
    • by coolGuyZak ( 844482 ) on Monday December 17, 2007 @12:16PM (#21726658)

      the onerous idea of tracking every conceivable device right down to bullets fired (look it up) is staggeringly senseless overkill.

      I tried to look up the result on Google [google.com] multiple [google.com] times [google.com] and wikipedia [wikipedia.org], finding nothing. Interestingly enough, your post is the first quote in the first google search.

      If you're going to ask us to research something ourselves, please have the courtesy to provide enough information for the search.

    • Re: (Score:3, Insightful)

      by fizzbin ( 110016 ) *
      How do you propose to get Class B hoarders (to say nothing of Class A hoarders who got their blocks in the 80s and early 90s) to turn loose of them? Other threads have talked about lawsuits being necessary. What do you know that they don't?

      In any case, there is no incentive for government, business or anyone else to adopt IPv6 unless and until it costs them to get IPv4 addresses. ARIN and the other RIRs need to announce *now* that by, say, 2009, they will start charging for IPv4 address allocations.
    • by billstewart ( 78916 ) on Monday December 17, 2007 @01:16PM (#21727640) Journal
      Yes, the IPv6 space is bigger than it could have been - some people thought that 64 bits would be enough, some wanted 80, some wanted 160. But the transition is enough of a pain that it's worth only doing it once, and 128 bits isn't that much more trouble than 64. Also, it's turning out that having more bits of network side will simplify a lot of potential network applications.


      There isn't a lot of hoarded Class B space out there - if anything, most of the hoarding is at the /24 level, by companies that need a /24 for dual-carrier routing reasons, but would otherwise need only a /29 or so to handle the external side of their firewalls.


      IPv6 had a lot of optimistic goals, some of which (like security and autoconfiguration) have been achieved in other ways (like IPSEC and DHCP), and others (like hierarchical simplification of routing structures) don't look like they'll really happen. But the IPv4 space is going to run out, and we're not going to be able to squeeze much past 2012 - especially if a billion people want data on their cellphones, or if the Chinese economy adds a couple hundred million broadband users, which won't take long, or a couple million businesses, which won't take long either.


      The IPv6 address space is very rationally designed, and yes, managing it does take work - but it's big enough that there's room to experiment, unlike IPv4 which ran out of slack well over a decade ago.

  • by Slashdot Parent ( 995749 ) on Monday December 17, 2007 @11:41AM (#21726200)
    What benefit does your average government agency get for switching to IPv6, and does it outweigh the costs?

    Obviously not, because if the benefits outweighed the costs, no mandate would be necessary. Agencies would have long ago switched on their own.

    And since costs outweigh the benefits, who can blame agencies for doing the bare minimum to achieve compliance? The writeup makes it sound like agency obstinance, but I view it as good budget stewardship. Agencies don't seem to want to flush good budget down the IPv6 toilet.
    • by Bert64 ( 520050 )
      You don't need to "switch" per se, you can use v4 and v6 at the same time easily.

      It's a chicken and egg situation, organisations don't switch because other organisations/individuals they deal with haven't either.
      On the other hand, if you enable v6 now you get a step ahead. Eventually the v4 addresses will run out, and people will have no alternative but to start using v6. Those of us who already use v6 will be good to go by then, and already have the kinks ironed out of our setups.
      • You don't need to "switch" per se
        I agree with you that "switch" was a bad choice of words.

        But my point still remains. If agencies felt they could benefit from the adoption of IPv6 more than said adoption would cost, no mandate would be necessary. So who can blame agencies for doing the bare minimum to comply with this mandate?
        • by Bert64 ( 520050 )
          Well, there are few short term benefits but plenty of long term ones.
          These agencies don't care about long term, since their budgets are done on a yearly basis. That's where the problem lies.
      • You don't need to "switch" per se, you can use v4 and v6 at the same time easily.

        In which case why bother? You don't need two protocols to connect.. only one.

        You *do* need ipv4 because a lot of applications, services, even websites are strictly ipv4 only - and for bespoke applications probably always will be.

        There are no ipv6 only applications, services or websites. So you're just spending money for zero benefit.

        Show a sound business case for adoption of ipv6 and you'll get adoption. Until that happens yo
    • by sherriw ( 794536 )
      What country do you live in where governments choose the most cost effective or beneficial path by default? I'd like to move there....
  • Why bother? (Score:2, Insightful)

    by davidwr ( 791652 )
    As much as people hate stop-gaps like NAT, in some environments it is a cheap solution to several problems and doesn't introduce new ones.

    Besides, how long did it take government computer networks to switch from proprietary systems like IBM's SNA, Microsoft's NetBIOS, Banyan's VINES, Digital's DECNET, Apple's Appletalk, and others to IPv4? IPv4 came out in the early '80s. I'd venture to say more than one government office was still using a completely-non-IPv4 network well into the '90s.

    No, unless there is
    • Re:Why bother? (Score:4, Insightful)

      by Antique Geekmeister ( 740220 ) on Monday December 17, 2007 @12:27PM (#21726826)
      Oh, NAT is more useful in several ways. It provides a single router or entry point that you can monitor for security reasons, it prevents people from running announced services such as HTTP, SMTP, or file sharing from their internal machines, and it draws a useful curtain of obscurity against activities you don't want traced back to their source.

      Switching to IPv6 often involves hardware switchovers and the elimination of old services that simply cannot interoperate with it because they weren't designed to, and should have been discarded years ago but haven't been, and the original author has very much moved on.
    • Why did Skype grow so fast? Because it had an effective workaround for all the brokenness NAT causes. NAT's fine if you're just a consumer of bits, sending out requests and getting responses back, but if you're trying to provide a service (such as letting somebody call your phone or send you direct Instant Messages) it fails.
  • add a nation tag to the end of IP addresses like 123.456.78.90.usa or 123.456.78.90.cn for China, would this be possible to implement @ the root backbone servers?
    • Re:why not an IPv4.1 (Score:5, Informative)

      by jandrese ( 485 ) <kensama@vt.edu> on Monday December 17, 2007 @12:01PM (#21726454) Homepage Journal
      Because there is no space in the IP header for that, and no router support. This means you'd have to extend the IP packet header by creating a new protocol number and once you get all of that stuff done and implemented, you have done just as much work as you would have done to switch over to IPv6 (which is after all just another protocol number). One of the primary design goals of IPv6 was to avoid ever having to make this transition again (look how painful it has been already), so half-assed solutions that will require us to make yet another transition down the road are less than appealing.
  • Academic Attitude (Score:5, Insightful)

    by jeremiahbell ( 522050 ) <{moc.oohay} {ta} {llebhaimerej}> on Monday December 17, 2007 @11:49AM (#21726292) Homepage
    During this last college semester I expressed my disappointment that IPv6 wasn't being implemented as widely as I thought it should be. I also subtly hinted at my disappointment that IPv6 wasn't covered at all (except one half a page of 405). My teacher said "I think it will take a new generation of Network Tech to implement IPv6". How in the hell are we going to have a new generation implementing it when it isn't even taught? I just took that joke of a Network+ test and now I'm certified, and I don't know diddly-squat about IPv6. Thankfully Wikipedia is there to explain a little bit of it to me.
    • by jd ( 1658 )
      A few suggestions for getting into IPv6. First, there are a number of free IPv6 tunnel brokers. If you're using a DSL router that you can program with OpenWRT, all the better, as you can get the broker to talk direct to the router without any real effort on your part.

      Secondly, there are some excellent online guides to IPv6, describing the packet structure, the additional capabilities, history, and so on. There are also several mailing lists, the 6Bone archives, and pretty much all of the information circu

    • Cisco revises their CCNA exams every couple of years. The version that's just been deployed includes a lot of IPv6 material.
  • by anticypher ( 48312 ) <anticypherNO@SPAMgmail.com> on Monday December 17, 2007 @11:55AM (#21726356) Homepage
    Every major OS has IPv6 installed and enabled. Vista and XP, MacOS-X, all the BSDs, all the major Linux distros, Solaris. Older OSes like XP-SP1 or Win2k can get IPv6 installed or enabled with little trouble. It's a package install on Linux if it isn't there already.

    Every major networking equipment supplier has IPv6 support on their product lines, although some still charge for turning it on. All the high-end Cisco routers and switches support it natively, but charge extra for the IOS image that can use it. Foundry's current product line supports it everywhere. Juniper has pretty much always had IPv6. Working down the list of less popular suppliers shows most of them have some level of IPv6 support. Sure, most of the older networking equipment can't deal with v6 traffic, and the useful life for old kit is long enough that it's still probably 70% of the installed base.

    Most internet enabled mobile phones have IPv6 built in, but it tends to be invisible to the user because the phone companies are only using it for local communications, if at all. All the Nokias support IPv6 in their network stack, but I haven't seen one system that takes advantage, yet. iPhones and iPod Touches have v6 enabled by default, and if they connect to a WiFi system that has v6 router announcements, they'll autoconfigure and Safari will use it transparently.

    Where IPv6 support falls down is in super-cheap consumer networking products. All those little $40 DSL modem+firewall+4 port switch boxes just don't support v6 at all. The only good news is from when I was in discussions with the Chinese company behind many of these boxes. The versions released in China are all IPv6, it's only the versions sold outside China where they just don't include it because there is no market demand.

    The only real problem right now is with ISPs. Until the engineering staff inside ISPs and hosting companies take the responsibility to start turning it on, sales and marketing will remain blissfully unaware that it can be sold.

    One of the largest ISPs in Europe turned on IPv6 to all 8 million users this week. They've done the right thing and made it opt-in for now, their customers have to go to their control panel web page and turn it on, but almost 50,000 people did in the first 24 hours. They turned it on, and their Macs and Win machines started using IPv6 with no need to do anything other than tell Firefox and Tbird to start using IPv6 for DNS lookups. Because this one major ISP did this, their main competitor has been forced to make plans to enable IPv6 in January. After that, any ISP that doesn't have IPv6 turned on will be branded as "obsolete" or "incompetent".

    the AC
    • iPhones and iPod Touches have v6 enabled by default

      No they don't - Apple ripped the IPv6 support out when they ported OS X to them.
    • by kwerle ( 39371 )
      One of the largest ISPs in Europe turned on IPv6 to all 8 million users this week. They've done the right thing and made it opt-in for now, their customers have to go to their control panel web page and turn it on, but almost 50,000 people did in the first 24 hours. They turned it on, and their Macs and Win machines started using IPv6 with no need to do anything other than tell Firefox and Tbird to start using IPv6 for DNS lookups. Because this one major ISP did this, their main competitor has been forced t
      • It's a French one.. There's really only Orange/Wanadoo there (all the large businesses in France are state owned, so you don't get a lot of competition), which narrows it down somewhat :p

        No mention outside slashdot of *any* ISP doing this though that I can find.. google let me down.

        Of course explaining how to get all the Linksys/D-Link/etc. routers that their customers have to act as RA servers.. that's hard. I don't envy the ISP that needs to do it.

  • by Russ Nelson ( 33911 ) <slashdot@russnelson.com> on Monday December 17, 2007 @11:56AM (#21726394) Homepage
    IPv6 still does nothing for me. Until I can reach everybody who is listen()'ing for me using IPv6, having an IPv6 address, or IPv6 stack, or IPv6 routing doesn't help me one bit.

    Until that happens, NOBODY can adopt IPv6. That's the law, and no legislation can change that.
  • If you are interested in playing with IPv6 and are behind a NAT, then Teredo provides the necessary solution. There are certainly other 6to4 solutions, but they usually fail behind a NAT or require that your local gateway lets through certain packet types. Windows Vista already supports Teredo, from what I understand, but for other platforms an implementation is available in the form of Miredo [remlab.net]. It's GPL licensed, for those who care.
    • Vista's Teredo only works behind certain types of NAT. It works at home behind the Cisco - but then it's already on an IPv6 capable network (and you have to manually switch Teredo off in that case.. a complete pain in the ass that should happen automatically).

      Try it behind a corporate firewall and you're hosed... never seen it work here for example.
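
Added example, not part of the thread or any commenter's code: Teredo and 6to4 addresses carry the IPv4 endpoints inside the IPv6 address itself, so a network team can tell from a flow log which hosts are tunnelling IPv6 through the NAT or firewall. The function names and sample addresses are constructed for illustration; the decoding uses the `teredo` and `sixtofour` properties of Python's standard `ipaddress` module.

```python
import ipaddress

# Constructed sample: source addresses as they might appear in a border flow log.
SAMPLE_SOURCES = [
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo (2001:0000::/32)
    "2002:c000:204::1",                      # 6to4 (2002::/16)
    "2001:db8::10",                          # documentation prefix, stands in for native IPv6
    "192.0.2.7",                             # plain IPv4
]


def classify_tunnel(text):
    """Describe which transition mechanism, if any, an address reveals."""
    addr = ipaddress.ip_address(text)
    if addr.version != 6:
        return {"kind": "ipv4"}
    if addr.teredo is not None:
        # Layout: 32-bit prefix | server IPv4 | 16-bit flags | port ^ 0xFFFF | client IPv4 ^ 0xFFFFFFFF
        server, client = addr.teredo          # ipaddress already un-inverts the client
        value = int(addr)
        flags = (value >> 48) & 0xFFFF
        port = ((value >> 32) & 0xFFFF) ^ 0xFFFF
        return {
            "kind": "teredo",
            "server": str(server),            # Teredo server the host registered with
            "client": str(client),            # public IPv4 of the NAT in front of the host
            "port": port,                     # UDP port mapped on that NAT
            "cone_nat": bool(flags & 0x8000), # top flag bit: host believes it is behind a cone NAT
        }
    if addr.sixtofour is not None:
        return {"kind": "6to4", "embedded_ipv4": str(addr.sixtofour)}
    return {"kind": "native"}


def tunnelled(sources):
    """Return (address, details) pairs for every tunnelled source in the list."""
    results = []
    for source in sources:
        info = classify_tunnel(source)
        if info["kind"] in ("teredo", "6to4"):
            results.append((source, info))
    return results


if __name__ == "__main__":
    for source, info in tunnelled(SAMPLE_SOURCES):
        print(source, info)
```
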
