Forgot your password?
typodupeerror

U.S. Government to Adopt IPv6 in 2008 284

Posted by timothy
from the they-should-adopt-odf-too dept.
IO ERROR writes "The U.S. Government is set to transition to IPv6 in June 2008, according to Government Computer News: 'In the newest additions to the IPv6 Transition Guidance, the CIO Council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline. The latest additions, (MS Word) released in May, are a compilation of existing recommendations and best practices gathered from the Defense Department, which has been testing and preparing for the transition for years, the private sector, and the Internet research and development community.'"
This discussion has been archived. No new comments can be posted.

U.S. Government to Adopt IPv6 in 2008

Comments Filter:
  • by Midnight Thunder (17205) on Thursday June 22, 2006 @02:58PM (#15584285) Homepage Journal
    Anyone not having access to an IPv6 network, say because you are behind a NAT, and are wanting to try out IPv6, because it is in your blood to do so, I recommend giving Miredo [simphalempin.com] a go. If I suggest this one over other solutions, is because of the number of platforms supported (including, Linux, Windows, MacOS X, BSD). There is Freenet6, but it won't work from behind my NAT with MacOS X.
  • by schon (31600) on Thursday June 22, 2006 @03:01PM (#15584304)
    There's no place like ::1

    There's no place like localhost??!!?!?!?!

    Sorry, never heard that one before.

    Perhaps you meant "There's no place like ~/"
  • Re:2008? (Score:5, Informative)

    by Mariner28 (814350) on Thursday June 22, 2006 @03:02PM (#15584306)
    Actually, the DoD is transitioning to IPv6 capability by 2008, and yes, there's no way all systems will be capable of supporting IPv6, let alone transitioning to IPv6 exclusively, by then. So as systems, and more importantly - applications, are upgraded over time, they will get there.

    Ironically, it's not the government that's dragging its feet - it's the contractors. You'd think they've never heard of IPv6 before, even though every contract written in the last year or so is supposed to contain a clause stating that the system/application delivered under that contract will support IPv6...

  • by Wesley Felter (138342) <wesley@felter.org> on Thursday June 22, 2006 @03:12PM (#15584367) Homepage
    Yes, several analyses of IPv4 address usage over time have been made, although they don't agree with each other:

    Geoff Huston (2003) [potaroo.net]
    Tony Hain (2005) [cisco.com]
  • by Wesley Felter (138342) <wesley@felter.org> on Thursday June 22, 2006 @03:18PM (#15584413) Homepage
    Virtually every application and router must be updated to support IPv6.
    Addresses are longer and harder to remember.
    Packet headers are larger, so less data fits in each packet.
    Multihoming still hasn't been sorted out.
    Certain default configurations allow anyone to see your MAC address and thus track your computer more easily (but fixes for this are known).
    Administration of a dual-stack network may cost almost twice as much as administration of a pure IPv4 network.
  • by Abcd1234 (188840) on Thursday June 22, 2006 @03:19PM (#15584422) Homepage
    IPv6 addresses are four times the size of IPv4 addresses. That means additional computation is necessary to handle the simplest IP tasks (routing.)

    Uhh... what? One of the big advantages of IPv6 over IPv4 is that it will make routing *easier*, thanks to the hierarchical address space.
  • by Intron (870560) on Thursday June 22, 2006 @03:22PM (#15584440)
    According to IANA [iana.org], there are some big blocks of wasted space out there:
    • BBN has three entire class A
    • HP+DEC has two entire class A (isn't it interesting that they were side by side?)
    • Halliburton has their own class A
    • multicast reserves 16 x class A but is largely unused

    Remember that a class A contains 16M addresses.
  • by shakuni (644197) on Thursday June 22, 2006 @03:34PM (#15584518)
    http://www.cisco.com/web/about/ac123/ac147/archive d_issues/ipj_8-3/ipv4.html [cisco.com]

    try this link. It is a logical analysis of the state of IPv4 address space (it is all /8 based though). It also has a link to another report which has a different view on space exhaustion.

    regards
  • by kbnielsen (835429) on Thursday June 22, 2006 @03:39PM (#15584553)
    For a long time, it has been predicted by various studies that we would run out of IPv4 addresses around 2010, based on the comsumption rate after introduction of NAT's and the changes made by CIDR (RFC 1817).

    However, a more recent study [cisco.com] by Cisco and others argue that we might be running out of addresses as soon as 2008 if the current consumption rate holds up. And with major pushes for 3. world countries to enter into the tech sector, my guess is that it is not a totally invalid assumption. They also argue how long the reclaiming of existing class A (or /8 in CIDR notation) networks would prolong the time where the IPv4 address space is exhausted.

    There are also lots of problem by using the D and E class networks for general putpose traffic, since the D class is classified as experimental and E as broadcast, and so it cannot be guaranteed that all equipment can handle these addresses or will even allow these addresses to be used, since previously it would have been a configuration mistake to use these (especially the D class) addresses...
  • by arivanov (12034) on Thursday June 22, 2006 @03:43PM (#15584578) Homepage
    There is a tremendous waste of space all over the place, not just class thos few class As you mention.

    As an example: In one well known red brick UK university you have to have a public IP address and you are not allowed to put kit behind a NAT even if that kit OS something esoteric and obsolete like the Silicon Graphics or AS1 that drives Bruker NMRs. As a result you have the choice to leave it unconnected which is a major annoyance as it is designed for network connectivity or to leave it at the mercy of the elements. This is done so that the "usage is not reduced" so that the overall university allocation is still justified.

    While at it, IIRC the aforementioned Bruker as a class B which is not used for anything but to give semi-unique addresses to different components of Lab machinery which sit on internal networks worldwide. Classic abuse of public address space for what amounts to textbook RFC 1918.

    IBM is holding 9.0.0.0/8 which it practically does not use, There is a huge block in the high /8 area which is unused and reserved for edu.

    The only place where there is some IPv4 address shortage are the APNIC blocks. RIPE and especially ARIN still have plenty of address space to go around even without going and starting to ask people like IBM if they actually use those class As.
  • by TCM (130219) on Thursday June 22, 2006 @03:46PM (#15584598)
    However, comparing a packet's address to a target address involves four times as many bits in IPv6 as in IPv4.
    Wrong. Wrong. Wrong! Do you think the target address is scattered randomly through every packet? No, it has a fixed place in the header.

    Additionally, there are less options in IPv6, making the logic to analyze a packet even more simple than for IPv4.

    Random Google result:

    The improved routing, or movement of information from a source to a destination, is more efficient in IPv6 because it incorporates a hierarchal addressing structure and has a simplified header. The large amount of address space allows organizations with large numbers of employees to obtain blocks of contiguous address space. Contiguous address space allows organizations to aggregate addresses under one prefix for identification on the Internet. This structured approach to addressing reduces the amount of information Internet routers must maintain and store and promotes faster routing of data. In addition, as shown in figure 5, IPv6 has a simplified header because of the elimination of six fields from the IPv4 header. The simplified header also contributes to faster routing.
    http://www.cybertelecom.org/dns/Ipv6.htm [cybertelecom.org]

    If you keep spreading FUD instead of doing a simple Google search we will never get IPv6.
  • by TCM (130219) on Thursday June 22, 2006 @03:59PM (#15584672)
    Sorry, I must have misread something. But I still think this is FUD.

    Yes, the address is four times as long, but since many checks for valid options can be removed and routing tables are going to get smaller, the additional overhead is small or non-existent, maybe even negative. What is a simple check of an address against a table of addresses with a (now fixed!) mask compared to the complex logic to verify the validity of 6 additional options?
  • by TCM (130219) on Thursday June 22, 2006 @04:07PM (#15584703)
    IPv6 addresses are not cryptographic keys, even if their space is as big. Relying on the ability to "hide" in the address space is so bad, you shouldn't even begin thinking about it. Better keep your services up-to-date and secure.

    Also, IPv6 NAT should never ever see the light of day.
  • Re:The first (Score:5, Informative)

    by lgw (121541) on Thursday June 22, 2006 @04:21PM (#15584793) Journal
    Not to mention they'd piss off a bunch of home users who would have to replace all their equipment (routers and such) with IPV6 hardware. There's probably a lot of people still running OSes that don't support IPV6.

    Where did DavyGrvy mention turning off IPv4? They work together, you know. Do even Slashdotters not understand that adding IPv6 to a network does nothing to reduce IPv4 connectivity? It's win-win.

    IPv6 tunnels over IPv4. IPv4 tunnels over IPv6. Machines running IPv4 can talk to machines running IPv6. Machines running IPv6 can talk to machines running IPv4.

    IPv6 still has issues, to be sure, but interoperability with IPv4 isn't one of them.
  • by lgw (121541) on Thursday June 22, 2006 @04:38PM (#15584929) Journal
    The byte size of the address is a complete non-issue in networking hardware. The part of networking that is hard is not the part where you compare a string of bytes.

    The real issue is that IPv6 was supposed to provide a heirarchical address scheme to simplify routing, but hasn't actually done so. Global addresses are just a flat number. Site local addresses completely failed to address the issue, and have been deprecated without even a suggested replacement. Link local addresses aren't useful for much beyond auto-configuration. There are clearly enough bits to work with, but no useful RFC yet.

    IPv6 multicast will be neat, however, in a decade or two when you can count on it being available.
  • by TCM (130219) on Thursday June 22, 2006 @05:20PM (#15585195)
    This is not Windows, but NetBSD had IPv6 since 1999 and still has the most complete IPv6 stack. The included packet filter(s) handle IPv6 just as well as IPv4 and have done so for at least some years now.

    And besides, I wouldn't connect Windows directly to the network in any case. It likes to trip over and salivate like a small child. Better use a real system to protect it.
  • Re:Favorite part (Score:3, Informative)

    by Jerf (17166) on Thursday June 22, 2006 @05:22PM (#15585209) Journal
    My favorite part is when I heard about IPv6 in college, they had calculated that there would be enough addresses for 10 IPv6 devices for every square foot of the planet!

    Oh, goodness me, are you ever off. Earth's area is 5.1e14 square meters [vendian.org]. 2**128 ~= 3.4e38. 3.4e38 / 5.1e14 = 6.7e23 IPv6 addresses per square meter. For square feet, call it 6e22 addresses per square foot. (1 square meter's pretty close to 10 square feet [google.com].)

    So, you're off by a about 21 and a half orders of magnitude. That's not even close by astronomical standards. :) You'll forgive me for not carrying more significant digits around.

  • by Drishmung (458368) on Thursday June 22, 2006 @05:45PM (#15585342)
    Fair point, but wrong example. localhost in IPv6 is ::1
  • by Wesley Felter (138342) <wesley@felter.org> on Thursday June 22, 2006 @05:47PM (#15585358) Homepage
    Some people are concerned that when a host moves to a different subnet, it could still be tracked because the host part of the address remains the came. In IPv4 there is no simple way to track a host across subnets.
  • by Wesley Felter (138342) <wesley@felter.org> on Thursday June 22, 2006 @05:52PM (#15585385) Homepage
    In IPv6, the MAC address is kept in the ethernet frame but also in the low 48 bits of the IP address. Thus, routers do not need to have an ARP lookup table to get the MAC address - they can simply copy-and-paste from the IP address in the packet (for the final step) or the IP address of the next router in the path (for all other steps).

    This is not correct; such a scheme would not support manually-assigned addresses, privacy addresses, or cryptographically-generated addresses. IPv6 has neighbor discovery (and its cache) just like IPv4 has ARP.
  • Re:A simple question (Score:3, Informative)

    by TCM (130219) on Thursday June 22, 2006 @08:38PM (#15586386)
    Can you get Slashdot over a pure IPv6 connection?
    If Slashdot bothered to get IPv6 connectivity, then yes.

    I could do that for www.sixxs.net, www.kame.net and every host that already has IPv6 connectivity. So "we" are not getting anywhere with IPv6 because it doesn't work because the big sites don't bother because IPv6 isn't anywhere yet. Nice way to get nothing done ever.

    If I send my buddies e-mail, most of the time everything is IPv6 only, including DNS lookups, although DNS transport over IPv6 isn't really common yet.

    Some people are indeed sitting on IPv6 and wondering when the rest will follow.

Each honest calling, each walk of life, has its own elite, its own aristocracy based on excellence of performance. -- James Bryant Conant

Working...