Proposed IPv6 Cutover By 2011-01-01

IO ERROR writes "An internet-draft published this month calls for an IPv6 transition plan which would require all Internet-facing servers to have IPv6 connectivity on or before January 1, 2011. 'Engineer and author John Curran proposes that migration to IPv6 happen in three stages. The first stage, which would happen between now and the end of 2008, would be a preparatory stage in which organizations would start to run IPv6 servers, though these servers would not be considered by outside parties as production servers. The second stage, which would take place in 2009 and 2010, would require organizations to offer IPv6 for Internet-facing servers, which could be used as production servers by outside parties. Finally, in the third stage, starting in 2011, IPv6 must be in use by public-facing servers.' Then IPv4 can go away."

I am not trying to troll right now but...

[techiemikey]

who is this guy and why does he control what happens with my internets?

Yeah, that'll happen

[Anonymous Coward]

Remind me again what authority the IETF actually has?

Oh yeah, none. They create specs, then people half-implement them, and nothing changes.

Just like the change to digital TV. It might be a better broadcast system, but without the government forcing people to change, it wouldn't have happened otherwise. IPv6 just doesn't offer anything sufficiently valuable over IPv4, so people won't bother to change.

Re:I am not trying to troll right now but...

[deftcoder]

He sounds like an author of fiction to me...

If I see IPv6 implemented worldwide in my lifetime, I'll be really surprised.

Public facing web servers?

[Corporate Troll]

Huh? What is a public facing web server? I mean my "server" on my DSL machine that runs apache and some other nifty stuff is public facing. All machines that have an IP address are public facing for crying out loud! Sure, mine only has a domain name associated to it by dyndns but for Joe Sixpack that doesn't make a difference. For all intents and purposes I have a "public facing webserver".

There is no difference between my IP address and the IP address of Amazon, except that their reverse DNS lookup matches ;-)

Re:not ready for prime time

[Da Fokka]

The larger address does allow for autoconfiguration. Apparently DHCP is not doing a good job at it.

missing one thing

[badfish99]

This is a great plan for switching over to IPv6. It's full of things that everyone MUST do. It's just missing one thing: if everyone ignores the plan and does nothing instead, how is it going to be enforced?

Re:Public facing web servers?

[Col. Klink (retired)]

What's so hard to understand? Yes, you're web server faces the public. I, however, have several web servers at my organization that are NOT accessible to the public. If I want to keep them that way behind my firewall, I'd be free to do so under this plan.

Not all machines with IP addresses are public facing (cf. http://en.wikipedia.org/wiki/Private_network [wikipedia.org]).

Heh!

[sheriff_p]

I love how the guy uses the word 'must' and 'Internet' in the same sentence!

Comment removed

[account_deleted]

Comment removed based on user account deletion

I think you're missing the point

[frovingslosh]

It's not a question if the new spec should be that large (it should, but that's not the issue). It's if we need a new spec at all. If you acknowledge that we need a new spec, IPv6 seems to be it. And it would be absurd to come up with some short sighted spec with smaller addresses just to get caught with limits again.

Also, don't fall into the all too common trap of looking at how large 2 to 128 is and thinking that ipv6 really provides that many unique addresses. You have to look at how the bits are used, the number of useable Internet addressable devices is much smaller. Perhaps even around the size you may be thinking we need. A new addressing system can provide some nice new features. Imagine the benifit of having a portable IP addres that is yours no matter what network you connect to or where in the world you move. Kind of like having a real truly portable telephone number. As all communication merges into IP address this will be both handy and important.

None of this should be taken to imply that I support the absurd cut over schedule in this thread. But there are some nice things designed in ipv6 and it will be a positive thing if the convesrion is done right, not switched over in a mad rush.

Re:IPv6 PI needs sorting out first

[igjeff]

Uhm...perhaps you're under a different RIR than I am, but my company has PI IPv6 space (North America), and working great (within the constraints that we're not fully deployed for IPv6 internally, yet, but that's in progress...we can ping6 from our border routers and such, so we've got the first building blocks in place and are moving forward with more).

Re:not ready for prime time

[macmastery]

"64 bits ought to be enough for anybody!"
                                                                                                                      - Bill Gateways

What about IT staff training?

[mr_da3m0n]

I name myself as an example. I consider myself relatively knowledgable about IPv4 in general. Subnetting, supernetting how-nat-works the cisco-vs-the-world layout of a datagram and all the required things to know when you work as a network enginner.

But please humor my candor here for a moment, I have no clue how IPv6 works. At all. I know what an IPv6 address looks like, and that's about it. I also have a vague superficial concept of what is a 6to4 gateway.

But I have no idea how it is scoped, how it is routed, how it is laid out, or basically anything.

The short answer is "buy a book", of course. Which I will do. Even take a class if necessary. Training is good, right? But has anyone thought of the implications in the enterprise? I have a few clients right now where I don't see their network admins understanding that change immediately. I know, bad admins, change them, or train them... But still.

It vaguely worries me in a strange way. Like you know, as a child, seeing a small frog cross the road and being actually fascinated by what might happen, yet still uncomfortable at that idea.

I'm just rambling. I guess my point that this is a massive technology change, and I'm just vaguely afraid of either not being able to keep up, or seeing people around not keeping up at all.

So, right now seems like a good time to start reading up on it.

Re:I am not trying to troll right now but...

[AGMW]

What I don't understand is why the IPv4 address space isn't mapped conveniently into the IPv6 address space (the first set of addresses ... ie 000.000.000.. ... then you can run both "internets" side by side. The major intenet trucks etc could be upgraded first (as required or as h/w gets old and needs replacing anyway), etc, until it is your choice if you want to see or use an IPv6 address, if you do, you just need to upgrade your end, and if you want to wait a bit, that can be your call!

But I must be missing something?

been there done that

[frovingslosh]

Yea, for the few who just want to run an operating system, that an interesting choice. You can install and run Linux, and learn first hand why so many people get frustrated by it.

But if the OS is only a means to and end, and what you care about is running useful applications rather than just an OS, then you may want to run an OS that suports the applications that you run. I've seen wine, I've tried it, it is not a viable solution for most windows applications.

I've been using Linux on one of my systems for years. I still get frustrated by the learning curve. But I still run Windows on several other systems (including a Win98 system that I'm posting through now), because they run the software that I need to run to do the things that I want to do and to be compatable with the rest of the people that I interact with. A forced quick switch to ipv6 will not be a boon for Linux. People may try it, but will quickly realize that they have to switch away from it if they actually want to get anything done. And then they will be far less likely to ever come back. The best thing for Linux would be a slow transistion to ipv6 that allows it more time to mature and grow a user base, not a rushed cut over that will sour users to it if they try it at all.

Re:Yeah, that'll happen

[mrogers]

They create specs, then people half-implement them, and nothing changes.

That's exactly the problem with the IETF today. Back in the good old days they half-implemented things and then wrote the specs.

Re:not ready for prime time

[fyngyrz]

"...niggers..."

Political correctness: The peculiar idea that one can pick up a turd by its clean end.

It's urban dialect [wikipedia.org]. Nothing to get excited about (nothing to write to dictionary manufacturers and insist it be included, either.)

From the consumer standpoint, a cable/DSL modem or router with IPV4 in the house / business to IPV6 out on the net will keep most of the pain (other than a financial hit) away until or unless IPV6 is actually needed on the local side of the hardware; the router can handle the details, such as they are.

As for the address space, the argument about number of addresses per square meter of the earth seems quite shortsighted. How many addresses per unit space are used when you add every square meter of the surface of every planet and moon? How many when you add the asteroids? How many when you add every cubic meter of open space inside the solar system? For that matter, what's the IP of a probe sent to Arcturus, as opposed to those sent to Sirius?

Might as well get it over with now. It isn't like we can't speed up the infrastructure, anyway. Especially in the US; we could actually use a little pressure to get things moving somewhat more reasonably.

Re:And what of my current NAT routing

[igjeff]

If they're a halfway clueful ISP, yes, you'll get more than one IPv6 address at your home. And, no, hopefully there will not be NAT in IPv6 world (someone will probably do it, but its stupid, "Just Say No to NAT"). NAT is evil crap, it breaks things for no real benefit (other than IP address conservation, which isn't needed in IPv6 world). NAT doesn't provide any security, stateful packet inspection and firewalling provides security (NAT provides the illusion of security because stateful inspection and firewalling is required for dynamic NAT to work). Mangling IP address only breaks things, it doesn't actually provide you any protection. If you don't believe me, set your NAT device "DMZ host" to your PC and watch your PC get pwned in a matter of minutes just as if it were not behind the NAT device. Mangling the IP addresses doesn't protect you from anything, it just breaks protocols that need to signal IP address endpoints such as VoIP, IM file transfers, and the like.

NAT is evil, it needs to die.

Re:not ready for prime time

[Midnight Thunder]

So, what you're saying is, 512k is enough for anyone?

Nah, nothing is enough for anyone.

IPv6 - a dead man walking

[Anonymous Coward]

Here's an alternative approach:
1) by 12/30/2007, the IETF recognizes that IPv6 was a colossal bollix, and apologizes
2) by 01/30/2008 the IETF rescinds IPv6 and stops whipping a dead horse
3) by 06/30/2008 the IETF offers a draft RFC for IPv7 - which is backwards compatible with IPv4 headers to ease the transition burden, and has a mechanism for isochronous packet delivery to improve video and voice transport

Re:not ready for prime time

[someone300]

• NAT is a horrible, horrible hack
• If IPv4 networks worked in 1980... it's 27 years later, I think computers can handle the increased memory requirements (and they do)
• IPv6 has Jumbograms
• IPv6 is for where every electronic device has one (or more) IP address, plus you generally need to assume at least 50% more than required for expansion purposes if you're an ISP.
• IP network have a MINIMUM MTU of 576 bytes... you can increase that
• Cisco will update their routers over the next 4 years... Corporate greediness isn't the fault of IPv6

Only the address space difference?

[Jugalator]

Why do these articles only end up being commented about IPv6 improved address space?

IPv6 offers lots of tasty features because they took the opportunity to fix a lot of quirks in the IPv4 protocol while they were at it, and that offers real world advantages.

Things like host autoconfiguration and ad hoc networking, end-to-end IPSec support in the standard, larger datagram support for efficiency in fast networks.

Re:not ready for prime time

[Kjella]

the overhead is a whopping 1.3%, or downloading an extra 51 mb on your full, uncompressed 50gb bluray movie.

!) The bluray *image* may not be compressed, but the bluray *movie* is compressed to fit in 50GB
2) 1.3% of 50GB = 50000MB is somewhere around 500MB, not 50MB - you're off by a zero

Re:not ready for prime time

[Al Al Cool J]

3. IPv6 addresses are too large.

This is my main problem with IPv6. I've seen some excellent replies as to why this isn't really an issue on various technical grounds, including your reply. However it's not the technical issues that concern me.

Allow me to rephrase the objection:

3a. IPv6 addresses are too large for people.

I deal with IP addresses all the time. Few days go by where I'm not typing one into a computer for one reason or another, or reading one out over a phone to somebody. "Your internet seems to be down? It could be a DNS issue. Try typing this IP address into your browser and tell me if you get anything." IPv4 address are simple and easy to remember. They are like phone numbers. They are easy to relate to others, and I have most of my commonly used ones memorised. I can copy one from paper to a computer usually at a glance, two glances at most.

But when I see an IPv6 address, my eyes glaze over. It's alphabet soup. No way in hell do I want to be dealing with those things on a day-to-day basis

Re:IPv4 works for me

[Just Some Guy]

IPv4 works for me today and will work for me in the future.

No it doesn't, and no it won't. Right now, only the relatively rich can afford more than a handful of public addresses, so only they can afford to host the services they want (where "services" includes things like "being able to sync your smartphone's calendar with the office Exchange server", not just customer-centric applications). Also, it's all but impossible to do things like direct peer-to-peer VOIP between two random hosts behind NATted routers; you have to have a broker somewhere in the middle to know how to get to each end and to negotiate the connections.

This isn't going to get better. The NAT hack was able to keep things limping along for a few extra years, but we're living on borrowed time. You will be migrating off IPV6, and likely sooner rather than later. The only question is how you want to meet it: will you embrace the new system, or will you have to be dragged kicking and screaming?

Re:missing one thing

[Just Some Guy]

but the people who would need to spend money to replace routers etc evidently don't see any benefit for themselves.

Well, one thing that this might do is give router manufacturers a kick in the pants to make IPv6 work well. Come 2009, any router that isn't IPv6-capable is officially obsolete according to the IETF. I don't think manufacturers will want their hardware written off before it even hits the shelves. Maybe it will turn out to be a checklist feature that no one actually uses, but I don't expect that to happen.

Poor Date Choice.

[OgGreeb]

Why does every technical standards organization plan intensive, complicated and pervasive changes for midnight January 1st, when:

1. There will be no technical support available from vendors until they return from holiday, perhaps days later?
2. No one will be available to test, evaluate and identify distributed service outages, again for days.
3. The poor, maligned and disrespected IT staffs will have to miss the New Year's Eve parties, probably their best/only chance to hit up their drunken office colleagues and have a chance of success. Please, won't anyone think of the geek?

Re:not ready for prime time

[Doctor Memory]

Except for the N-word being used, this post is very informative

Excuse me? "IPv6 needs work because Cisco routers don't handle it well"? It's just a troll, get over it. Cisco's probably wringing their hands with glee, because this will help them push their next-generation made-for-IPv6 routers. And if they don't have a next-generation router that handles IPv6 well, then Juniper will (deservedly) eat their lunch.

The rest of the points in that post were similarly bogus. NAT sucks because it breaks the end-to-end IP model (which also breaks IPSec). It also requires the network to handle connections and maintain state. IPv6 also uses multicast for ARP resolution instead of broadcast, which means your NIC doesn't have to deal with a packet every time someone else on your subnet wants to contact a machine that isn't in their cache.

Re:missing one thing

[Just Some Guy]

Remember what happened when Apple released the Airport Express with support for non-NAT'd IPv6?

I sure do. Apple screwed up an implementation and therefore no one else will ever be able to get it right.

Similarly, Nimda [f-secure.com], Blaster [symantec.com], and SQLSlammer [trendmicro.com] permanently ended the use of webservers, operating systems, and databases.

Tomorrow never comes...

[mwoliver]

You know, I have been using IPv6 in some way for about 9 years now, starting back with the stack for NT from MS Research and FreeBSD with KAME. There was a lot, and there is still more, to learn, and what sucks for early adopters (and huge advocates) of IPv6 like me is having to swim upstream against the current of "we have plenty of IPv6 space", "we have NAT", "IPv6 sucks", etc. It sure does get old. If you naysayers would put half the effort you spend bitching on /. into urging your ISP or your IT organization (or both!) to become IPv6-aware, we could see some real progress.

While I am a huge advocate of IPv6 adoption, I don't agree with the wasteful manner with which the networks are being allocated. It is as if the architects got flashed by the MIB and can't remember anything about the relatively easy acquisition of a IPv4 /8 20 years ago, so let's cut this huge address space by less than half and use a /64 for the host. Ridiculous! If past lessons had been learned and remembered, we wouldn't see this kind of early waste, and IPv6 could well last a couple hundred years, or longer, addressing all parts of this solar system and perhaps beyond.

There is a lot going on in Asia/Pacific (AP) with IPv6, and emerging countries will be far better off since they are just building out infrastructure from scratch and can be dual-stack capable from the start (akin to cellular networks versus thousands of miles of copper). Here in the US, the price for being so technologically advanced early on and having spent (I loathe to refer to networking gear purchases as "investments") so much capital on gear to-date means that hard business cases need to be made to justify to the bean-counters that IPv6 is worth the effort. Couple that with the usual short-sighted executive management in most companies and you will be hard-pressed to get funding for IPv6 ventures. Fortunately, the word is getting out to even the executives that IPv6 is not just a rumor and projects are starting to gain momentum, but I fear that for most in the US it will be a never-ending game of catch-up.

Optimistically I forge on...

Re:I am not trying to troll right now but...

[Percy_Blakeney]

He lies and says we're running out of addresses at a rate of 10-15 /8's per year. ARIN says we're going through about 3-4 a year (see the ipv4-allocation-assignments- this stuff is public even to nonmembers

No, he's not lying. You made the mistake of only looking at ARIN's numbers, which show IP usage in the Americas. Try looking at IANA's numbers [iana.org] instead and you'll see that the allocation of ~10 /8's per year is about right. So far this year, RIPE (covering Europe) has gotten 4 new blocks and APNIC (covering Asia) has gotten 5.

Re:not ready for prime time

[Anonymous Coward]

> an existing globally unique number; the MAC address

MAC addresses aren't globally unique.