
U.S. Government to Adopt IPv6 in 2008

Posted by timothy
from the they-should-adopt-odf-too dept.
IO ERROR writes "The U.S. Government is set to transition to IPv6 in June 2008, according to Government Computer News: 'In the newest additions to the IPv6 Transition Guidance, the CIO Council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline. The latest additions, (MS Word) released in May, are a compilation of existing recommendations and best practices gathered from the Defense Department, which has been testing and preparing for the transition for years, the private sector, and the Internet research and development community.'"
  • Re:Deployed!?! (Score:5, Insightful)

    by Red Flayer (890720) on Thursday June 22, 2006 @02:47PM (#15584214) Journal
    "If the commercial world doesn't accept it then the government will be on its own and that won't fly too well."

    The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

    Note how this works in re: MA trying to force open standards for anyone it does business with.
  • Stats on IP usage? (Score:5, Insightful)

    by lawaetf1 (613291) on Thursday June 22, 2006 @02:49PM (#15584226)
    I'm curious as to whether there are any reliable stats out there about the availability of IPv4 address space and how it has changed over time. The widespread adoption of hide-mode NAT has allowed companies, universities and the like to move thousands of computers out of the public address space, freeing up large blocks of public address goodness. Cripes when I think about what I got away with in university, hooking my desktop up to the local LAN, getting a public and ........
  • 2008? (Score:5, Insightful)

    by Billosaur (927319) * <wgrother AT optonline DOT net> on Thursday June 22, 2006 @02:50PM (#15584232) Journal

    As the CIO Council and Office of Management and Budget help map out the June 2008 transition to IP Version 6, perhaps the biggest challenge is that they're entering unfamiliar territory.

    In the newest additions to the IPv6 Transition Guidance, the council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline.

    So the government has a year-and-a-half to meet this deadline? Forgive the cynicism, but given that they have a loose set of guidelines and so many systems that would need conversion, I think they're being a tad optimistic. Kudos for trying this, but I won't be surprised when it takes until 2010.

  • Re:Deployed!?! (Score:3, Insightful)

    by jgs (245596) on Thursday June 22, 2006 @02:52PM (#15584248)
    The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

    Good point, that worked really well with GOSIP [wikipedia.org] which is why we're all using OSI now.

    What, we're not? Hmm.
  • IPv6 Adoption (Score:4, Insightful)

    by digitac (24581) on Thursday June 22, 2006 @02:58PM (#15584283) Homepage
    This is a big step forward for IPv6 adoption, but I think the next major step will be by the cable companies. They want every set-top-box or cable TV to have two way communication and be fully addressable. Where else would they get the address space needed for that? IPv6 solves a lot of the problems they have with addressing that many devices. That will probably be the first way IPv6 gets into most of our homes.

    Digitac
  • Re:Deployed!?! (Score:5, Insightful)

    by 99BottlesOfBeerInMyF (813746) on Thursday June 22, 2006 @03:02PM (#15584311)

    The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.

    Agreed. Who writes this stuff? ISPs already have management networks running IPv6 and big players like Comcast ran out of unique IPv4, for their cable modem pools and have completed their migration to IPv6. China is on the boat and most network gear deals with both just fine. How exactly is the US government going to be on its own here?

  • by Anonymous Coward on Thursday June 22, 2006 @03:04PM (#15584327)
    IPv4 reliable? Just have a remote exploit in Windows, bind or phpBB or whatever, then write your distribution code,

    1.upto(254){ |a|
      1.upto(254){ |b|
        1.upto(254){ |c|
          1.upto(254){ |d|
            TryExploit '#{a}.#{b}.#{c}.#{d}'
          }
        }
      }
    }

    And then have your zombies run this. The exploit would then run this. etc. etc.. and the Internet craps out.

    Aside: Yes, starting at 1 is wrong, but this is for demonstration purposes only!!!!

    Now, with IPv6, you can't hit another IP address ever using this method. You cannot bring down the Internet like you can with IPv4 because you will never be able to find another active IP address using a random number. And you certainly cannot iterate over the entire IP address space in a few minutes, hours or days.

    You do not need NAT to hide your IP. That's what proxies and firewalls are for. Furthermore, you can NAT IPv6 if you really want to. There is no magic behind it.
  • I am not amazingly versed in this issue but several things stand out immediately to anyone who has a little networking experience.

    1. Lots of legacy equipment does not and will never support IPv6. That means...
    2. We will have a whole bunch of IPv4 to IPv6 gateways. This will be absolutely necessary. We have them now, of course, but not so many of them. You think NAT is a PITA when you have IPv4 on both sides of the wall? Try it with different protocols. You're going to have fun!
    3. IPv6 addresses are four times the size of IPv4 addresses. That means additional computation is necessary to handle the simplest IP tasks (routing.) Doing the comparison to find out if a packet is yours on a 32 bit system can take as many as four comparisons, whereas with IPv4 it was only one.
    4. IPv4 software is mature, IPv6 software is comparatively untested. GUIs need to be developed for configuration, and all the software has to be developed. A lot of software has IPv6 support, but hasn't really been hammered on in that way, simply because practically no one is using IPv6. There will be significant fallout.
    5. IPv6 may be simpler, but retraining will still be necessary. Lots of people have spent literally decades getting used to TCP/IP, learning all its ins and outs, and figuring out how to make it do the right thing. IPv6 is allegedly more intelligently designed, but there will still be gotchas.

    I'm sure someone with a little more knowledge, and/or a little more imagination, can come up with others.

  • by Arthur B. (806360) on Thursday June 22, 2006 @03:13PM (#15584377)
    Yes but NAT is evil, it's a dirty hack. Plus NAT is changing the face of the internet, clearly separating content provider and producers. Sure you can host your blog anywhere now, but what about censorship? If things such as darknets, freenets, etc become needed NAT will be a major annoyance.
  • Re:Deployed!?! (Score:2, Insightful)

    by Tempest451 (791438) on Thursday June 22, 2006 @03:13PM (#15584379)
    Believe that! When the Government (read Military) goes IPv6, half the corporate US is going too.
  • Re:IPv6 Adoption (Score:3, Insightful)

    by gbjbaanb (229885) on Thursday June 22, 2006 @03:13PM (#15584383)
    Na, it'll be when MS issues a critical update that accidentally switches your network stack to use IPv6 .... :-)

    Perhaps this is what it would take to get IPv6 in place - MS to say 'we will stop supporting IPv4 in a year's time'. Watch all the computer companies scramble to update their software (and hardware - obviously you'll need to buy the updated versions) and then it'll happen. Otherwise, we're going to be stuck with IPv4 for a very long time to come.
  • by Sloppy (14984) on Thursday June 22, 2006 @03:18PM (#15584421) Homepage Journal

    The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.

    The bad news: Wait a minute. "Them?" Oh shit, it's the US government. I'm a US citizen. Argh, that's my expense. D'oh!

  • Re:IPv6 Adoption (Score:3, Insightful)

    by Breakfast Pants (323698) on Thursday June 22, 2006 @03:20PM (#15584430) Journal
    Unless the boxes are going to be communicating with each other that is a total nonissue. You can communicate behind NAT with anyone else 2-way; as long as they aren't also behind NAT.
  • by cmason (53054) on Thursday June 22, 2006 @03:20PM (#15584434) Homepage
    Got away with? Cripes, this is how the internet is supposed to work. Goddamn NAT. Grr.

    -c

  • Re:IPv6 Adoption (Score:2, Insightful)

    by Abcd1234 (188840) on Thursday June 22, 2006 @03:22PM (#15584442) Homepage
    Uhh, the cable cos can, and already do, use private address spaces for their settop boxes, and this is the way it'll stay. There's no way a cable company will want their DSTB population externally reachable. As such, the IP address shortage is a non-issue for them.
  • by convolvatron (176505) on Thursday June 22, 2006 @04:17PM (#15584769)
    there was actually a perfectly good answer to this proposed by deering.
    geographic addressing. it was unnecessarily denounced as anti-provider
    and socialist.
  • Re:IPv6 Adoption (Score:3, Insightful)

    by Kadin2048 (468275) <slashdot.kadin@x[ ].net ['oxy' in gap]> on Thursday June 22, 2006 @04:25PM (#15584825) Homepage Journal
    As for desktop computers, being addressable doesn't help for anything except profitless peer-to-peer applications.
    I agree with your first point (about cable boxes) -- the boxes are as addressable right now as the cable companies want or need them to be. But this latter thing I disagree with. VoIP is notoriously difficult to pass through NAT (I'd bet that if you go onto some Vonage user forums, questions about NAT are all over the place), and represents a "killer app" for IPv6 as much as anything. UPnP has made this easier, but it's still problematic if you want to have two VoIP ATAs on one home network or small business network, for which right now you're only issued one IP.

    Streaming video and Video-over-IP is going to make this even a bigger challenge: suppose you want to do IP video, and watch a different channel on one TV than you do on another? With only one externally-facing IP address, this could be quite a challenge; all the kludges that you'd need to make something like this function through NAT go away when you have IPv6 and every device in the house can be globally addressable (if you want it to be--people are still going to want firewalls, obviously). Same with multiple SIP streams. Even if you can get a SIP phone working through NAT, it becomes almost exponentially more complex to add another SIP ATA (say you wanted to have more than one "line"). Unless you can tell the headend to route the second line to a different port on your one externally-facing IP address, and then tell the NAT box to route that to a different internal IP, you're out of luck. People are going to want to do stuff like that as the technology becomes more mature.

    The cable TV companies aren't going to be very interested from the video perspective, but they might be interested because of the voice possibilities, and the telephone companies who want to deliver video over IP might see easier implementations with IPv6 as well.

    More than all this though are the "killer apps" that we don't even know about right now, and that we'll never know about without IPv6 and heavily wired, addressable homes. There are all sorts of neat things that we can't do now, or are hard to do (which is basically the same thing if you're Joe User) that become a lot easier when everything has a unique address. To say that there aren't any benefits from switching to IPv6 is to say that we can imagine all the possibilities that might arise when the capabilities exist, and that to me is a bit of an arrogant statement. (Note I'm not saying you said that, but I see it as an implicit assumption in a lot of other anti-IPv6 blanket statements.)
  • by Lauritz (146326) on Thursday June 22, 2006 @04:29PM (#15584870)
    Just like the space of possible e-mail addresses is too large to iterate over, and it therefore is infeasible to create an exploit that propagates via e-mail?
  • Re:IPv6 Adoption (Score:5, Insightful)

    by Olmy's Jart (156233) on Thursday June 22, 2006 @04:34PM (#15584903)
    That is sooo funny because it's sooo blatantly wrong. Dead opposite, dead wrong.

    Comcast exhausted the entire 10 net last year and are deploying IPv6 for their management addresses. Just check out their presentation at the recent NANOG (North American Network Operators Group) titled "IPv6 @ Comcast Managing 100+ Million IP Addresses" http://www.nanog.org/mtg-0606/pdf/alain-durand.pdf [nanog.org]. Their situation is dire just with managing HSD "high speed data" devices (aka cable modems) already and going to get MUCH worse with their "triple play" deployment. Since they are management addresses, NAT is impractical, whether it's externally accessible or not. They don't have a choice. IPv6 is the only practical answer for them.

    Comcast, themselves, are saying the exact opposite of what you are claiming. They use private address space, but that's NOT the way it's going to stay. The address shortage is a pointed issue with them. They're already moving to IPv6. IPv6 to the customer is on the horizon.

    You lose. Thank you for playing.
  • by broward (416376) <browardhorne@GIR ... minus herbivore> on Thursday June 22, 2006 @04:51PM (#15584994) Homepage
    Interest in IPv6 has stagnated since 2001.

    If the U.S. Government is about to push a major IPv6 initiative, there could be some money to be made here.

    http://www.realmeme.com/roller/page/realmeme?entry=ipv6_meme_flatlined_for_five [realmeme.com]
  • Re:Favorite part (Score:3, Insightful)

    by TCM (130219) on Thursday June 22, 2006 @04:59PM (#15585046)
    Of course this is all theoretical because large chunks of the address space are "wasted" - no, scratch that, read "used" - to prevent fragmentation, i.e. end users always get a /48 network. The smallest subnet is /64 etc.

    With IPv4 there are users who could have a /29 net or a /24. Two /29 users could be adjacent and have their first 3 octets of the address match. This complicates routing, because this simple example already doubles the routing table at the upstream router.

    With IPv6 you take the first 48 bits and those always point to a unique end user. Any smaller subnet is going to be handled by this user's router, so routing tables just became a lot smaller, even if the addresses are four times as large.

    This "anti-fragmentation" of course consumes chunks of address space without using every one of those addresses. Of course users could do with, for example, /104 networks in IPv6 and still have plenty of addresses. But it's specifically not done for the above reasons.
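The routing-table argument in the comment above, as an added example that is not part of the original thread: variable-length IPv4 prefixes force a longest-prefix match and one entry per customer, while a fixed 48-bit site prefix lets the upstream router resolve any of a site's /64s with one entry. The customer names and the documentation prefixes are constructed, and the fixed /48 lookup models the comment's scheme rather than any real router's implementation.

```python
import ipaddress

# Constructed sample routes using documentation prefixes (not real allocations).
V4_ROUTES = {
    ipaddress.ip_network("192.0.2.0/29"): "customer-a",
    ipaddress.ip_network("192.0.2.8/29"): "customer-b",  # adjacent, same first 3 octets
    ipaddress.ip_network("198.51.100.0/24"): "customer-c",
}
V6_SITES = {
    ipaddress.ip_network("2001:db8:a::/48"): "customer-a",
    ipaddress.ip_network("2001:db8:b::/48"): "customer-b",
}

def lookup_v4(addr, routes=V4_ROUTES):
    """Longest-prefix match: prefix lengths vary, so every candidate is checked."""
    ip = ipaddress.ip_address(addr)
    hits = [net for net in routes if ip in net]
    if not hits:
        return None
    return routes[max(hits, key=lambda net: net.prefixlen)]

def upstream_entries(routes):
    """Count entries left after merging adjacent prefixes that share a next hop."""
    by_hop = {}
    for net, hop in routes.items():
        by_hop.setdefault(hop, []).append(net)
    return sum(len(list(ipaddress.collapse_addresses(nets)))
               for nets in by_hop.values())

def site_prefix(addr):
    """Keep only the first 48 bits of an IPv6 address (the per-site prefix)."""
    return ipaddress.ip_network(f"{addr}/48", strict=False)

def lookup_v6(addr, sites=V6_SITES):
    """Fixed-length site prefix: one exact-match lookup for any /64 inside the site."""
    return sites.get(site_prefix(addr))

if __name__ == "__main__":
    # The two adjacent /29s belong to different customers, so they cannot merge.
    print("IPv4 upstream entries:", upstream_entries(V4_ROUTES))
    print("192.0.2.9 ->", lookup_v4("192.0.2.9"))
    # Hosts in different /64 subnets of one site resolve through the same /48 entry.
    print("2001:db8:a:1::10 ->", lookup_v6("2001:db8:a:1::10"))
    print("2001:db8:a:ffff::1 ->", lookup_v6("2001:db8:a:ffff::1"))
```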
  • by Anonymous Coward on Thursday June 22, 2006 @05:15PM (#15585159)
    IBM is holding 9.0.0.0/8 which it practically does not use

    Not true. IBM uses 9.0.0.0/8 internally for practically everything. All they have to do is publish routes and open the firewalls and their Intranet becomes Internet.
  • by Detritus (11846) on Thursday June 22, 2006 @05:32PM (#15585264) Homepage
    As an example: In one well known red brick UK university you have to have a public IP address and you are not allowed to put kit behind a NAT even if that kit OS something esoteric and obsolete like the Silicon Graphics or AS1 that drives Bruker NMRs. As a result you have the choice to leave it unconnected which is a major annoyance as it is designed for network connectivity or to leave it at the mercy of the elements.

    Set up a firewall, which is the proper way of doing it in the first place. The security benefits of NAT are incidental, not intentional. NAT also makes it difficult for network administrators to diagnose and isolate network problems.

  • Comcast IPv6 Plans (Score:3, Insightful)

    by The Ego (244645) on Thursday June 22, 2006 @05:51PM (#15585375)
    See this mailing list message [merit.edu], which points to this PDF presentation [nanog.org].
  • by AnyoneEB (574727) on Thursday June 22, 2006 @10:09PM (#15586819)
    Cisco thinks we need new routers. Color me surprised.
