MIT Technology Review Slams IPv6
PCM2 writes "In the MIT Technology Review, Simson Garfinkel, noted author of Internet security books, writes that "the next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure." His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 encourages 'peer-to-peer based copyright violation systems'; and of course, that the switch is never going to happen anyway (and yet, somehow, the United States is 'falling behind')."
Is this technical or political? (Score:2, Insightful)
Is this article technical or is it political? It sounds as if it might be better suited for the opinion pages.
MIT is one to talk (Score:5, Insightful)
untested code... (Score:5, Insightful)
Excuse me but... (Score:5, Insightful)
Sure, they're not exactly the most honourable or squeaky clean businesses on the planet, but they sure as hell are the most popular.
speed not an issue right now (Score:4, Insightful)
Re:untested code... (Score:5, Insightful)
Oops (Score:5, Insightful)
The result of this decision made nearly 30 years ago is that the Internet simply cannot handle more than 2^32 or 4,294,967,296 devices.
help the v4 shortage (Score:5, Insightful)
When to drop IPv4 (Score:4, Insightful)
One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.
I think that admins will find themselves not bothering with IPv4 for individual things at their site when they find themselves out of IPv4 addresses for less-critical things.
For example, pretend it's 2008 and IPv6 is commonplace. You have an IPv4 /28 from your provider. You also have an IPv6 /48. The /28 has been fully allocated since 2006. Your www.yourcompany.com server will have an ordinary A record pointing IPv4 users at it for a long time yet, but what's your plan to let people on the outside get to your [insert-not-entirely-mission-critical-thingy-here] server (that happens to work with IPv6)?
It's an even easier decision if you, as a home user, get a single static IPv4 address for your DSL line as well as an IPv6 /48.
Re:untested code... (Score:3, Insightful)
Lower security?? (Score:4, Insightful)
It would be *nice* if there was better encryption support at low levels, to overall prevent information leaking, but even total lack of such features would mean no step back from IPv4.
Good article but a little too namby-pamby (Score:4, Insightful)
IPv6 creates much larger headers, so there's more overhead, particularly, as a percentage, on short packets (voice, ACKs, etc.). So it'll waste bandwidth, or lower effective throughput on fixed bandwidths. We need this? It is not even using its 128 bits efficiently. The general approach is to use the top half to identify the network and the bottom half to include the 48-bit MAC address of the computer. That was a clever hack in 1985 when proposed for DECnet Phase V (which never caught on) and became an approach in OSI CLNP. But that was not for a public spammer-ridden insecure Internet. Now it is a security and privacy hole to do that. It also means the 128 bits are not used efficiently -- we are tight with 32 bits, but an address for every atom?
IPv6 also does nothing for QoS (ignore the hype, which is based on a misunderstanding) and nothing for security (IPsec works just fine with v4). It just wastes bandwidth. So it does something for, oh, MCI. No wonder Vint (the Chauncey Gardner of the Internet) likes it! And Sprint, AT&T and VeriZontal. Great.
IPv4 could use a decent replacement some day, but IPv6 is everything you don't like about v4, and more. Eccch. A dozen years since it was "adopted" and it's gone nowhere, for good reason. The Asians weren't so involved with IETF at the time, to know the messy politics behind it. And btw the whole thing about their not having addresses is false; there is plenty of space left in the IPv4 space waiting to be allocated where needed. China can have more, as they provide more and more spam relays for the h3rb@1-v14gr4 crowd.
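Added example, not part of the comment above or of the original thread: the "bottom half includes the 48-bit MAC" scheme it describes is the modified EUI-64 interface identifier, and this Python sketch shows how a defender can audit a list of observed addresses for it and see the same hardware address recur across networks. Function names are hypothetical and the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def eui64_address(prefix, mac):
    """Form the address a host derives from a /64 prefix and its MAC
    using the modified EUI-64 rule (flip the universal/local bit,
    insert ff:fe between the two halves of the MAC)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 interface IDs need a /64 prefix")
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("MAC must be 48 bits")
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)

def embedded_mac(addr):
    """Return the MAC recoverable from an address whose low 64 bits
    look like modified EUI-64, or None if they do not.
    A random interface ID matches ff:fe by chance about once in
    65536, so treat a single hit as a hint, not proof."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in m)

def audit(addresses):
    """Group addresses by recovered MAC. One MAC under several
    prefixes means the device is trackable as it changes networks."""
    seen = {}
    for a in addresses:
        mac = embedded_mac(a)
        if mac is not None:
            seen.setdefault(mac, []).append(a)
    return seen

# Constructed sample: one laptop seen on two networks, plus a host
# using a randomized interface identifier.
SAMPLE = [
    "2001:db8:a:1:211:22ff:fe33:4455",
    "2001:db8:b:2:211:22ff:fe33:4455",
    "2001:db8:a:1:5c3e:91a7:44d0:2b19",
]

if __name__ == "__main__":
    for mac, addrs in audit(SAMPLE).items():
        print(mac, "->", addrs)
```

Hosts that show up in the audit are candidates for switching to randomized interface identifiers in their address configuration.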
Re:When to drop IPv4 (Score:5, Insightful)
Nobody's going to run out of IPv4 addresses if they can set up a NAT, which is why IPv6 is waiting to jump in during a crisis that just isn't coming.
*NEED* (Score:3, Insightful)
We'll *HAVE* to move to IPv6 when the third world finally gets connected! China 1+ billion people.. India 1+ billion people.. it starts to add up!
Americans.. a whole world exists outside of your borders you know.
Re:Another "IPv6 won't be here soon" article... (Score:5, Insightful)
I didn't really follow the assertion that V6 would be less secure -- I expect that any such problem will be quickly fixed, and probably long before the majority of folks actually make the switch. As for the timing, I don't think it will be as long as Mr. Weekly says. I think that 2005 is a reasonable prediction for V6 reaching critical mass.
wrongheaded mentality (Score:5, Insightful)
Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
I have no strong opinions on the technical merits of IPv6 but I want to address the above statement, and the (IMHO) wrongheaded mentality behind it.
Why should the fact that these monopolistic groups oppose new, useful technologies, lead anyone to the conclusion that those technologies should be abandoned? Shouldn't we rather abolish the MPAA and RIAA?
When the light bulb was invented, did anyone argue we should abandon it because the candlestick industry would oppose it?
The truth is that new digital technologies are making "content" businesses like those represented by the *AA's obsolete. There is no benefit to society to engage in costly, counterproductive and futile "wars" against P2P and other useful new technologies in the name of enforcing "intellectual property" laws created in a different era that now benefit only special interests and not the public interest.
Not that optimistic, is he? (Score:2, Insightful)
Translation: he's old and new technology scares him. He writes books about technology because he doesn't actually understand it. Describing P2P networks as being "for teenyboppers" is quite insane, he must have never tried to download anything large recently (especially given the maturity of solutions like BitTorrent for free software / content distribution - even NASA used it to release their Magellan rover software to the public). This guy should retire and stop his "THE SKY IS FALLING" shriek of panic. Suggested activity: gardening.
He also has absolutely no suggested *solutions* to the problems that he pretends exist. It's not as if IP6 is going to be any less traceable than IP4, nor will it magically create problems that didn't already exist. People are still going to want to firewall off networks under IP6 - in the same way that IP4 can be firewalled off - but this will be done without NAT.
Just because a protocol is "new" doesn't automatically mean that it's a danger. I have to wonder if this guy has never bought any new software in case the CD is so new that it's infected with the Ebola virus. Which makes no sense. Yes, corporations typically hold off adopting new products till version 1.1 or 2.0, but there's no point condemning the early adopters to insecurity hell before IP6 has been rolled out to the public.
Next he'll be complaining about kids and their music... why in his day there, etc, blah, blah.
Re:what are you talking about? (Score:2, Insightful)
The ethnocentrism comes from the fact that the Americans are the main people resisting IPv6. America has most of the IPv4 addresses, so they don't see a problem, and don't care about those without.
Kind of the entire American situation in a nutshell.
Typical (Score:3, Insightful)
Ever wonder why only Americans complain about IPv4?
Isn't it funny how Asian nations, which you ignorantly claim have so many IPv4 addresses available, are the principal backers of IPv6 right now?
Don't feel bad -- most people are incapable of believing in any problem that doesn't affect them personally.
Re:Is this technical or political? (Score:2, Insightful)
Yes the article points out you can get behind a firewall, but like the old saw goes - just because a burglar may pick a lock doesn't mean you should leave your doors wide open (or, to extend the analogy, bolt down every valuable you have instead).
Re:NAT is bad? (Score:3, Insightful)
Then he's even more clueless than I thought.
someone could easily sneak something in behind the NAT and you'd be completely unprotected
And this is different without NAT HOW??!?! A non-NAT firewall will present the exact same security vulnerabilities as one that is using NAT.
Re:NAT is bad? (Score:2, Insightful)
Re:Another "IPv6 won't be here soon" article... (Score:3, Insightful)
American Dream. (Score:1, Insightful)
Add, not migrate! (Score:3, Insightful)
Well, you know what? You don't move to IPv6! You add IPv6. You can still keep your IPv4 connection. Then you can start adding IPv6 support to each protocol and application, one at a time. You can and will still be fully IPv4 compatible. You'll just allow yourself to use IPv6-only services and make it possible for you to set up new IPv6-only services even though you've run out of IPv4 addresses.
Re:wrongheaded mentality (Score:3, Insightful)
Re:NAT is bad, NAT is good (Score:3, Insightful)
Seems to me that they are saying much the same thing. Walker [fourmilab.ch]:
Garfinkel [technologyreview.com]:
Re:MIT is one to talk (Score:3, Insightful)
Most people (suits anyway) would look at the MIT name, and believe anything stated in the mag; with enough discussion here on /. and elsewhere, the techies of the world will have enough points on their hands to take it to their bosses and say exactly why the Review shouldn't be believed.
IPv6 Security (Score:2, Insightful)
MIT's IP Assignments (Score:5, Insightful)
Re:MIT's IP Assignments (Score:1, Insightful)
Speaking Freely about IPv6 and NAT (Score:3, Insightful)
Re:MIT's IP Assignments (Score:2, Insightful)
IPv6 for general Internet? Not going to happen... (Score:1, Insightful)
1. Most major firewall vendors would have to support it;
2. Load balancing vendors would have to support it;
3. Cache vendors would have to support it;
Home-based router vendors would have to support it;
4. IT administrators would have to understand it (they barely understand IPv4, forget about IPv6);
5. Major co-location facilities would have to offer IPv6 support on the network connectivity; and
6. The majority of hardware and software running on network devices would have to be versions that support it (which isn't the same as that the vendors support it).
Fact: Most vendors of firewall products have only recently announced support in their flagship products for IPv6 functionality. Only when the majority of users actually use versions that support IPv6 will there be critical mass.
Fact: most load balancing systems don't support IPv6.
Fact: Most routing products sold today for edge use don't support IPv6, and will probably never support it.
Fact: Consumer and even general business ISPs don't provide IPv6 support for connectivity.
IPv6 is akin to multicast Internet access: It is available in a few places, some networks can and do use it, some network hardware vendors support it, but as a mainstream technology that people everyday encounter, it will never be widespread (or won't happen in a LONG time). Predictions of it happening in this decade are way too optimistic, and if it does, then it could easily trigger a buying spree for network hardware that supports it of the like we have never seen, and network equipment stocks will probably explode through the roof. I don't feel this will happen though.
Re:When to drop IPv4 (Score:5, Insightful)
The current solutions to this are:
Meh. (Score:3, Insightful)
E.g. Your toaster doesn't really need a public IP does it? [or your cell phone for that matter].
Good use of NAT can solve all of these problems...
There is no reason why certain companies/schools have millions of addresses each. Plain and simple.
Tom
Re:untested code... (Score:5, Insightful)
Not to mention, simply Googling for "ipv6" will reveal many reasons as to why a 128-bit addressing space is advantageous to a smaller one, which you propose. Plus, a five-byte address space isn't ideal when taking general computing sense into consideration.
Re:Another "IPv6 won't be here soon" article... (Score:3, Insightful)
The application "3degrees" makes use of the peer to peer component for people to create groups to share music, chat and animations.
MS is pushing IPv6 heavily in Longhorn both for peer to peer collaboration applications and external devices such as bluetooth headsets.
Re:what are you talking about? (Score:3, Insightful)
So the burden is on China, Japan, India, and other countries worried about IP address shortages. And, as it happens, that's where the bulk of the development is being done (Japan especially). So you see, it works: the people who need IPv6 most are doing the most work on it, and the people who need it the least are contributing less.
Re:Is this technical or political? (Score:4, Insightful)
I just don't understand this part. This is nothing specific to IPv6. This is how the internet works. People can already connect like this, and it's pretty obvious that they DO network like this. Or, did P2P networks suddenly die while I was asleep?
Re:Garfinkel Math (Score:3, Insightful)
The real reason to switch is that there are a lot of useful special addresses. For example, there is a space of addresses for NICs in ad hoc mode, so you can make a network by connecting a bunch of devices together without needing address assignment at all.
Re:NAT is bad? (Score:3, Insightful)
Re:wrongheaded mentality (Score:2, Insightful)
no, these days the candlestick industry would just lobby for tariffs and other protections against competition.
Re:Good article but a little too namby-pamby (Score:5, Insightful)
Just some sanity checking here: IPv6 headers are only 2x the size of IPv4 headers. Folks with truly constrained bandwidth (like dialup users) can do what they do now: compress the headers (which btw, should be easier to do with IPv6). Anyway, given how much dark fiber is out there right now and how network technology continues to improve bandwidth at a pace that makes Moore's law seem kind of conservative, I think we can afford to make our headers 2x as large, particularly if it allows our routing tables to be smaller and our routing to be more efficient in general. In our current scheme, IPv4 throws away a lot of performance that IPv6 gets us back. The assumption that IPv6 is going to kill performance is ridiculous.
Re:FreeBSD and (I've heard) XP already do (Score:5, Insightful)
Some people, who don't live in the real world, like to think of this type of thing as something that can just be phased out in a few years. Everyone will patch their systems slowly, and vendors will recompile the code with new libraries, and old routers will be replaced with hardware IPv6 routers, and then, magically, everyone is using IPv6.
The reality is that people won't patch their systems, routers will work for eons and nobody wants to replace them, and app vendors are long gone because they don't make money on your legacy app anymore.
This reminds me of arguments about switching to linux. I love GNU and linux of course, but we have a tendency to think of some typical case of an office or home user. But so many people, especially those most likely to care about switching, are atypical. To assume that everyone needs the same things out of a computer is to turn it into an appliance, which has been shown to completely fail. It ends up that someone has an intricate, delicate system, and nobody in their right mind wants to touch it.
Re:NAT is bad? (Score:3, Insightful)
Re:Another "IPv6 won't be here soon" article... (Score:3, Insightful)
Re:IPv6: Not Ready for Prime Time (Score:3, Insightful)
The world does not need more than the 4 billion addresses available with IPv4, and I challenge you to come up with an application that requires that many. Assuming that you can actually come up with one, it could easily be solved with Network Address Translation, or NAT as it is commonly known.
Here's an application for you: there are more than 4 billion people on the planet. When we're all hooked up, what do you suggest? Do you really think we'll all be online behind some uber-NAT devices 50 years from now? Have fun using your cell phone/PDA/personal whatever when you and 1000 of your neighbours are all sharing the same IP, and you're using a protocol as complicated as *gasp* FTP (hint: NAT breaks more than it fixes). Really, please share with us what the "shortcoming" of too many address is. Overkill, it may be. But how does it hurt the protocol?
The problem with a 64-bit network prefix is that routing tables become massive. Just do the math and you'll see that extreme amounts of memory are required to hold routing tables.
The whole point of IPv6 addresses is that we can do more EFFICIENT routing, as opposed to the hodge-podge of rules we have today. IPv6 routing is FASTER than IPv4.
This means that downloading stuff will take 3.4% longer.
Wow. A whopping 3.4%. Now, in the real world, a lot of us use MTUs > 1500. So we're talking just over a single percent. Stop the presses! Oh yeah, there's this neat thing called header compression, by the way.
Re:Another "IPv6 won't be here soon" article... (Score:5, Insightful)
This was a weird article... (Score:5, Insightful)
all IPv6 code is untested and therefore insecure
Yes, if you don't count university networks that have been using 6bone for several years now. Read up a bit on 6bone, and you'll see that the primary purpose of it is to function as a testbed for IPv6. But of course, computer scientists aren't really able to find and fix problems in the protocol.
IPv6 encourages 'peer-to-peer based copyright violation systems'
I won't even comment on this...
Deploying IPv6 means that every application that uses Internet addresses needs to be changed.
However, isn't IPv6 designed to be backwards compatible? I.e. have a separate address space that emulates IPv4? So there isn't an urgent need to switch *now* when it starts getting used? Using the IPv6 stack should not mean an inability to talk with IPv4 clients.
Today, most routers come equipped with special-purpose integrated circuits that can route IPv4 packets very quickly. But because there is no demand for it, those routers don't have similar hardware that can route V6 in hardware
I'll just let him contradict himself:
"The code that lets computers talk on an IPv6-enabled network is now built into the current versions of Windows XP, MacOS, Linux, and many forms of Unix. Every router made by Cisco comes ready to run IPv6. So does every Nokia mobile phone. The whole world is getting dressed up for the IPv6 party."
If they're already implementing software support for IPv6 before it's even starting to get used, doesn't he think this is a sign that the manufacturers are dedicated to bring hardware IPv6 support once it gets even more widely used? If not, he needs to explain why.
He complains about upgrade costs too, which seems to be a concept never heard or experienced by him before, as he seems to be in shock while discussing it.
But what IPv6 boosters won't tell you, unless you press them, is that every new IPv6 nameserver, Web server, Web browser, and so on has new code--code in which security problems may lurk.
True, updated software might get new bugs if they aren't tested properly. What's new? This risk is taken daily by adopters of upgraded or new software.
Re:FUD on Speeds: IPv6 vs IPv4 (Score:2, Insightful)
Also, in IPv6, each packet doesn't get its checksum recalculated at every hop. Only the endpoints calculate it. That should take a heavy load off the routing.
From the article:
But what IPv6 boosters won't tell you, unless you press them, is that every new IPv6 nameserver, Web server, Web browser, and so on has new code--code in which security problems may lurk.
That's a bit of an overstatement. There will probably be very little new code in most applications. After all, all applications call the same IPv6 code on each operating system. What may arise are initial problems with a protocol-stack on certain OSs, but probably no new security problems on the application-level.
Re:Another "IPv6 won't be here soon" article... (Score:3, Insightful)
This is a solution to a problem that nobody has (on par with the spaghetti strainer lid and pot combo). I've never heard of anyone running out of IPs in the private range.
IPv6 will only take off when (and if) it is needed to solve real problems that cost people money.
IPv6 too late (Score:3, Insightful)
1) Not to be anything like OSI on principle
2) To be conveniently routable on the hardware then typically in use for academic workstations
So frankly, it's no real improvement on IPv4 and failed to consider ways of reducing latency and increasing the robustness of routing in large-scale carrier backbones.
It was too late even back then to consider the great "switch over" because there were just too many autonomous network operators around with no incentive to change unless everyone else did (those of you who knew DECnet Phase IV will remember a magic switch which was supposed to cause your entire network to transition to Phase V: not many customers actually activated it for the same reason).
The future is probably some rather different local area network protocol for all of those home appliances (connecting your PC, iPod, TV, PVR and toaster) and something different again for the long haul.
But it will have to be demand-led.
US MIT not relevant - IPv6 to be consumer driven. (Score:3, Insightful)
When you think consumer gadgets then the US isn't the first country to come to mind - it's Japan, Taiwan and China, Malaysia, Korea and the Philippines (in no particular order).
If every gadget gets an IPv6 IP address then it's irrelevant what some ex-MIT/Mass commentator thinks. Asian and especially the Japanese with KAME, are sniffing around for another edge that they can get.
Once the millions of games consoles get IP for LAN parties then ISPs are going to be driven kicking and screaming into IPv6. Console sales outnumber PC sales so what Microsoft think here is irrelevant (unless it's XBox related). Nope, in the same way that GSM eclipsed older analogue Cellular networks (with multi-billion costs in upgrades), then IPv6 will eclipse the older IPv4 and the drive will be consumer gadget driven.
Re:Another "IPv6 won't be here soon" article... (Score:2, Insightful)
1) When it comes to security, Denial of Service (DoS) is a big issue. AFAIK, the IPv6 standard includes mechanisms that reduce the danger of DoS attacks.
2) It's true that with IPv6 many applications have to be revamped, but think it that way: Many IPv4 applications were written without security in mind and again and again pose a threat to attacks. Think of programs like bind8 or the MS IIS. When these programs are revamped, it's likely that the programmers will right away take steps to avoid security leaks like buffer overflows and the like.
Re:MIT is one to talk (Score:2, Insightful)
IPv6 misguidance - focus on security, service (Score:4, Insightful)
However, given the sad, vulnerable state of security and privacy, I'd expect more authors to expound on the benefits of IPv6's privacy and authentication mechanisms.
Likewise, as more bandwidth is eaten by spam and music downloading, IPv6 addresses quality of service, and better routing and addressing capabilities.
The only two reasons not to go IPv6, at least for intranets, are either espionage agencies oppose increased security and/or a particular large vendor fails to support it well. Maybe there are others. Wireless networks and VPNs are being thrown in all over the place. These are the perfect places to start with IPv6. The other option is NAT, but that will eventually have to be redone when the move is finally made. Kill 2 birds with one stone and install the new VPN or Wireless net with IPv6.
A big reason for us not switching (Score:2, Insightful)
I'd imagine the companies providing these (or any, for that matter) services are trying quite hard not to switch to IPv6, where, if us present-day-consumers don't like how they handle the services, or if the billing for these services isn't what we expect, we can simply do it ourselves and take them right out of the picture. With IPv6, the providers would be forced to listen to their customers or risk not being the providers any more.
Re:MIT is one to talk (Score:3, Insightful)
Re:FUD on Speeds: IPv6 vs IPv4 (Score:3, Insightful)
But then the retransmits would be for the entire path, instead of just between two hops, right?
Re:Another "IPv6 won't be here soon" article... (Score:2, Insightful)
My ISP (RCN) filters ports 80 and 25, for example. Even though I have a real public IP address.
--
Mu
Re:Another "IPv6 won't be here soon" article... (Score:3, Insightful)