U.S. Government to Adopt IPv6 in 2008 284
IO ERROR writes "The U.S. Government is set to transition to IPv6 in June 2008, according to Government Computer News: 'In the newest additions to the IPv6 Transition Guidance, the CIO Council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline. The latest additions, (MS Word) released in May, are a compilation of existing recommendations and best practices gathered from the Defense Department, which has been testing and preparing for the transition for years, the private sector, and the Internet research and development community.'"
Deployed!?! (Score:3, Interesting)
What are the Downsides to IPv6? Anyone? (Score:4, Interesting)
If those of you out there who understand those issues could make a few posts here I would greatly appreciate it.
Thank you.
Flexible IP adresses (Score:2, Interesting)
The downside I can think of is that it will probably be slightly more work (and thus slower) for the machines on the net that reads the address on packets to send them in the right direction (I believe they often do it in hardware). But I think it could be worth it, don't you?
Re:The first (Score:4, Interesting)
You think that's bad. This article mentions getting info to transition to it from the US DoD....and this /. article is the first time I've heard anything about the DoD pushing to transition to IPv6!!!!
Heck...we're rebuilding systems from scratch in some cases post Katrina, and yet nothing is mentioned to us about trying to do anything with IPv6.
Re:Good news, bad news (Score:3, Interesting)
The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.
Several others have already stepped up to the plate and have implemented IPv6. Here are some notes [merit.edu] asked when Comcast did their presentation at NANOG about how their IPv6 migration of their cable modem pools worked.
Good luck (Score:3, Interesting)
Remember GOSIP? (Score:4, Interesting)
Computer industry vendors spent serious money preparing for the August 1990 adoption deadline.
They had to implement the ISO protocols or risk not being able to sell their systems to the government (always a major customer).
The revised date for adoption is never.
The worst part about doing government contracts was dealing with all the folks that say:
"We can't design this around TCP/IP, the government is mandating ISO."
Re:IPv6 Adoption (Score:3, Interesting)
Think Windows Vista
According to Microsoft, Vista will have IPv6 installed and enabled pr. default and will prefer IPv6 over IPv4. Link is here [microsoft.com].
By biggest question on if this is ready is.. (Score:4, Interesting)
IPV6 definitely has been around for many years now, but none of the windows firewalls I've downloaded seemed to have any kind of configurations for logging or filtering ipv6. Sure that's 2 years away, but unless I overlooked a firewall (there are so many for windows) or they use some kind of open source package that probabbly has ipv6 firewall capability already. i have to wonder how they're going to keep secure.
Ada and waivers (Score:3, Interesting)
Re:What are the Downsides to IPv6? Anyone? (Score:5, Interesting)
There is also right now a huge disagreement going on in the background about how to multi-home in IPv6.
The presently-proposed model implies that only big ISPs (plans for at least 200 customers that you'll be allocating space to) can get their own IP space...everyone else has to get space allocated to them from bigger groups. This, predictably, is making the content providers and big enterprises very unhappy, because they're used to (and now require) multiple uplinks to differing ISPs.
The proposed fix for this problem, shim6, has been routinely savaged as a complete non-starter. That's mostly because it's proposing allowing each and every end host to make it's own decisions about what path to take, causing all sorts of uglyness for security devices and traffic engineering.
There presently is no good answer to this, which is why a lot of orgs are holding off on IPv6.Re:What are the Downsides to IPv6? Anyone? (Score:3, Interesting)
The practical upshot is that if the traffic is for that LAN, you need only test the 48 bits for the MAC address. If it is for a node further downstream, there will be a non-zero value in the next byte after your router heirarchy addreess, provided that is NOT within the MAC address. If it is for a node reachable upstream, then one of the bytes within the router heirarchy address will be different (up to an absolute maximum of 8 bytes, which is 2 words on a 32-bit machine or 1 word on a 64-bit system).
IPv6 also does not support packet fragmentation - the network is interrogated to find the largest supported packet from end-to-end, so stateful routing will be unnecessary, reducing the CPU workload. Also, because there are no fragments, packets should be more reliable. In IPv4, if a fragment is lost, the whole packet is resent. This not only increases the opportunities of a packet loss, it also increases the network load on a retransmit, which means a greater chance of packets being lost on the retransmit.
It's interesting to figure out what legacy equiptment out there will prove bothersome. Layer 2 switches won't notice or care. Cisco routers have supported IPv6 for a decade now. Bay - long dead - was also an early adopter, so many of their routers should be IPv6-capable, with no need of any updates. Linux has had IPv6 patches since 2.0.20, and mainstream since 2.1.8. I think IPv6 was added in Solaris 2.5.1. There was an alternative Windows TCP/IP stack by TCP Software that supported IPv6 about 9 to 10 years ago.
All in all, if anyone's complaining about a lack of support, it's NOT because support has been lacking.
I'm a bit surprised (Score:3, Interesting)
There's also always a lot of FUD spread around this matter, and one can find it even in this topic, for example IPv6 increasing routing complexity. IPv6 uses hierarchical address ranges *and* is modularized so there's not just less complexity, but even less *traffic* to route unless using more advanced features of IPv6. After the transition, IPv6 is better for your routers.
NAT's also seem to be a common enough argument against IPv6 that someone should have written a damn "Why NAT's won't solve address space issues" FAQ to uninformed people already. There is something similar [circleid.com] enough for that though.
Anyway, instead of just ranting, here's a document [tcpipguide.com] about some of the changes IPv6 makes. Maybe especially this part [tcpipguide.com] is educative to some.
Re:What are the Downsides to IPv6? Anyone? (Score:4, Interesting)
This means the number of tables for lookups is reduced by 1 and there is no need to do reverse lookups (so there is no latency in such activity). It is also central to the way IPv6 handles mobility, as it means (a) you're guaranteed there is an IP address available for you in the network you join, (b) the host part of the IP address will remain the same, only the network component will change, and (c) because only the network component changes, routers will be capable of re-routing traffic upstream to the new destination with zero packet loss.
(Most mobile IP uses forwarders, but IPv6 was designed from the start to have mobility within the protocol as far as possible and not as a hack.)
Re:What are the Downsides to IPv6? Anyone? (Score:2, Interesting)
Other drawbacks, besides stuffing Cisco full of cash, are:
1) Upgrades required for all end-user software.
2) Large address spaces is human-hostile (think 192.168.45.22 is hard to use? Try 2ee4:43:2001::3e3e:1ea7, and that's a short one)
3) Default IPv6 address will quite likely embed your Ethernet MAC, making all anonymity a thing of the past. This is not mandated by the spec but is often mentioned and used and makes life simpler for admins.
Upsides:
Every single atom in every single dollar bill that Cisco collects can have its own IP address! How sweet is that!
Possibly faster routing. The IP header is simplified and IP checksumming is gone, so IP layer hardware can usually actually go faster despite the larger header. IPv6 routers are also allowed to forgo fragmentation, again making them faster and simpler.
Superior multicast support and death to broadcast. Multicast is used instead of broadcast for ARP.
Improved DNS facilities. Good thing too since the inscrutable addresses means you'll need to put everything in DNS.