U.S. Government to Adopt IPv6 in 2008

IO ERROR writes "The U.S. Government is set to transition to IPv6 in June 2008, according to Government Computer News: 'In the newest additions to the IPv6 Transition Guidance, the CIO Council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline. The latest additions, (MS Word) released in May, are a compilation of existing recommendations and best practices gathered from the Defense Department, which has been testing and preparing for the transition for years, the private sector, and the Internet research and development community.'"

Deployed!?!

[Anonymous Coward]

Wouldn't IPv6 basicly be deployed when 51%> adopt it? If the commercial world doesn't accept it then the goverment will be on it's own and that won't fly too well.

What are the Downsides to IPv6? Anyone?

[Banner]

I haven't had the time yet to read over the specs and try to figure out what the downsides and hassles for the rest of us will be with IPv6, but I'm sure there are slashdotters out there who have taken the time to figure out where the problems and issues are.

If those of you out there who understand those issues could make a few posts here I would greatly appreciate it.

Thank you.

Flexible IP adresses

[Bromskloss]

How about having a scheme like the following: If I have, say, the single address 111.222.333.444 (it's not a valid IP address, I know), and have more than one thing I want to plug in, I just append another dot and create a new sublevel. I get 111.222.333.444.1, 111.222.333.444.2, etc. There is no limit to it.

The downside I can think of is that it will probably be slightly more work (and thus slower) for the machines on the net that reads the address on packets to send them in the right direction (I believe they often do it in hardware). But I think it could be worth it, don't you?

Re:The first

[cayenne8]

"Now if only someone would slap around ComCast and get them using IPv6 natively.. or all USA ISPs for that matter.."

You think that's bad. This article mentions getting info to transition to it from the US DoD....and this /. article is the first time I've heard anything about the DoD pushing to transition to IPv6!!!!

Heck...we're rebuilding systems from scratch in some cases post Katrina, and yet nothing is mentioned to us about trying to do anything with IPv6.

Re:Good news, bad news

[99BottlesOfBeerInMyF]

The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.

Several others have already stepped up to the plate and have implemented IPv6. Here are some notes [merit.edu] asked when Comcast did their presentation at NANOG about how their IPv6 migration of their cable modem pools worked.

Good luck

[blamanj]

I hope it goes more efficiently than our switch to the metric system [nist.gov].

Remember GOSIP?

[KenSeymour]

I remember when the government mandated the switchover from TCP/IP to ISO protocols. The acronym for that was GOSIP.
Computer industry vendors spent serious money preparing for the August 1990 adoption deadline.
They had to implement the ISO protocols or risk not being able to sell their systems to the government (always a major customer).

The revised date for adoption is never.

The worst part about doing government contracts was dealing with all the folks that say:
"We can't design this around TCP/IP, the government is mandating ISO."

Re:IPv6 Adoption

[kbnielsen]

> Na, it'll be when MS issues a critical update that accidentally switches your network stack to use IPv6 .... :-)

Think Windows Vista :)

According to Microsoft, Vista will have IPv6 installed and enabled pr. default and will prefer IPv6 over IPv4. Link is here [microsoft.com].

By biggest question on if this is ready is..

[kesuki]

Which firewalls can currently be used to filter, log, and block ipv6 traffic?

IPV6 definitely has been around for many years now, but none of the windows firewalls I've downloaded seemed to have any kind of configurations for logging or filtering ipv6. Sure that's 2 years away, but unless I overlooked a firewall (there are so many for windows) or they use some kind of open source package that probabbly has ipv6 firewall capability already. i have to wonder how they're going to keep secure.

Ada and waivers

[tcopeland]

I suspect this will be about as successful as the DOD's old policy of only doing development in Ada. Let the waiver requests begin!

Re:What are the Downsides to IPv6? Anyone?

[gclef]

There is also right now a huge disagreement going on in the background about how to multi-home in IPv6.

The presently-proposed model implies that only big ISPs (plans for at least 200 customers that you'll be allocating space to) can get their own IP space...everyone else has to get space allocated to them from bigger groups. This, predictably, is making the content providers and big enterprises very unhappy, because they're used to (and now require) multiple uplinks to differing ISPs.

The proposed fix for this problem, shim6, has been routinely savaged as a complete non-starter. That's mostly because it's proposing allowing each and every end host to make it's own decisions about what path to take, causing all sorts of uglyness for security devices and traffic engineering.

There presently is no good answer to this, which is why a lot of orgs are holding off on IPv6.

Re:What are the Downsides to IPv6? Anyone?

[jd]

Wrongo on the routing. The last 48 bits are reserved for the node's MAC address and the first 16 bits are reserved for the type of traffic. The rest is heirarchically defined by the router. (The router advertisment is done via RADV and the address is discovered by the machine from that advertisment).

The practical upshot is that if the traffic is for that LAN, you need only test the 48 bits for the MAC address. If it is for a node further downstream, there will be a non-zero value in the next byte after your router heirarchy addreess, provided that is NOT within the MAC address. If it is for a node reachable upstream, then one of the bytes within the router heirarchy address will be different (up to an absolute maximum of 8 bytes, which is 2 words on a 32-bit machine or 1 word on a 64-bit system).

IPv6 also does not support packet fragmentation - the network is interrogated to find the largest supported packet from end-to-end, so stateful routing will be unnecessary, reducing the CPU workload. Also, because there are no fragments, packets should be more reliable. In IPv4, if a fragment is lost, the whole packet is resent. This not only increases the opportunities of a packet loss, it also increases the network load on a retransmit, which means a greater chance of packets being lost on the retransmit.

It's interesting to figure out what legacy equiptment out there will prove bothersome. Layer 2 switches won't notice or care. Cisco routers have supported IPv6 for a decade now. Bay - long dead - was also an early adopter, so many of their routers should be IPv6-capable, with no need of any updates. Linux has had IPv6 patches since 2.0.20, and mainstream since 2.1.8. I think IPv6 was added in Solaris 2.5.1. There was an alternative Windows TCP/IP stack by TCP Software that supported IPv6 about 9 to 10 years ago.

All in all, if anyone's complaining about a lack of support, it's NOT because support has been lacking.

I'm a bit surprised

[Jugalator]

Given how many problems with IPv4 this new revision solves and that a thorough look was taken at the protocol in its entirety, of all things, I'm surprised *geeks* usually just try to find reasons to not like it. Sure, admins may need to retrain, and there'll be infrastructure costs, but since when did geeks stop looking at positive evolution as being bigger than these things?

There's also always a lot of FUD spread around this matter, and one can find it even in this topic, for example IPv6 increasing routing complexity. IPv6 uses hierarchical address ranges *and* is modularized so there's not just less complexity, but even less *traffic* to route unless using more advanced features of IPv6. After the transition, IPv6 is better for your routers.

NAT's also seem to be a common enough argument against IPv6 that someone should have written a damn "Why NAT's won't solve address space issues" FAQ to uninformed people already. There is something similar [circleid.com] enough for that though.

Anyway, instead of just ranting, here's a document [tcpipguide.com] about some of the changes IPv6 makes. Maybe especially this part [tcpipguide.com] is educative to some.

Re:What are the Downsides to IPv6? Anyone?

[jd]

In IPv6, the MAC address is kept in the ethernet frame but also in the low 48 bits of the IP address. Thus, routers do not need to have an ARP lookup table to get the MAC address - they can simply copy-and-paste from the IP address in the packet (for the final step) or the IP address of the next router in the path (for all other steps).

This means the number of tables for lookups is reduced by 1 and there is no need to do reverse lookups (so there is no latency in such activity). It is also central to the way IPv6 handles mobility, as it means (a) you're guaranteed there is an IP address available for you in the network you join, (b) the host part of the IP address will remain the same, only the network component will change, and (c) because only the network component changes, routers will be capable of re-routing traffic upstream to the new destination with zero packet loss.

(Most mobile IP uses forwarders, but IPv6 was designed from the start to have mobility within the protocol as far as possible and not as a hack.)

Re:What are the Downsides to IPv6? Anyone?

[zizzo]

The single greatest drawback is that it is not compatible with IPv4, mandating huge purchases of new equipment. That's why Cisco is pushing for it; they stand to make billions. This isn't a bad plan for them but they have to sell the idea to everyone. The IP space "crisis" is just the tool to do that.

Other drawbacks, besides stuffing Cisco full of cash, are:

1) Upgrades required for all end-user software.

2) Large address spaces is human-hostile (think 192.168.45.22 is hard to use? Try 2ee4:43:2001::3e3e:1ea7, and that's a short one)

3) Default IPv6 address will quite likely embed your Ethernet MAC, making all anonymity a thing of the past. This is not mandated by the spec but is often mentioned and used and makes life simpler for admins.

Upsides:

Every single atom in every single dollar bill that Cisco collects can have its own IP address! How sweet is that!

Possibly faster routing. The IP header is simplified and IP checksumming is gone, so IP layer hardware can usually actually go faster despite the larger header. IPv6 routers are also allowed to forgo fragmentation, again making them faster and simpler.

Superior multicast support and death to broadcast. Multicast is used instead of broadcast for ARP.

Improved DNS facilities. Good thing too since the inscrutable addresses means you'll need to put everything in DNS.