Forgot your password?
typodupeerror
Networking The Internet

One Less Reason to Adopt IPv6? 174

Posted by CmdrTaco
from the adopt-a-puppy-instead dept.
alphadogg writes "For a decade, IPv6 proponents have pushed this upgrade to the Internet's main communications protocol because of its three primary benefits: a gargantuan address space, end-to-end security, and easier network administration through automatic device configuration. Now it turns out that one of these IPv6 benefits — autoconfiguration — may not be such a boon for corporate network managers. A growing number of IPv6 experts say that corporations probably will skip autoconfiguration and instead stick with DHCP, which has been updated to support IPv6."
This discussion has been archived. No new comments can be posted.

One Less Reason to Adopt IPv6?

Comments Filter:
  • Whatever Works (Score:0, Insightful)

    by Anonymous Coward on Monday September 17, 2007 @11:23AM (#20636875)
    Yeah sometimes cool features don't evolve into benefits. News? Not really.
  • Missing DNS (Score:5, Insightful)

    by thegameiam (671961) <thegameiam.yahoo@com> on Monday September 17, 2007 @11:30AM (#20637019) Homepage
    IPv6 Autoconfiguration is close but no cigar in a couple of signignificant ways:

    1) DNS server information wasn't baked in from the beginning (there are now some drafts to fix this, but I haven't yet seen the working code) - all this time, and we managed to recreate BootP...

    2) Because autoconfiguration uses /64 addresses for hosts, the address size gain, while large, isn't anywhere near the original promise, and encoding the MAC address into a globally-visable IP address does release information about hosts which was formerly private (NIC vendor, for one, as well as the more theoretical complaint about the layering violation).

    3) Just try it with VMWare or other virtualization software. Ouch. There's a whole lot of borked there.

    4) Obviously you wouldn't want to use it for a true server, becuase who wants their server IP to change when a NIC burns out?

    All that said, in a dual-stack environment it works reasonably well: but it doesn't honestly look like anyone gave much thought to a time when IPv4 wouldn't be present on the LAN or on the hosts...
  • by igjeff (15314) on Monday September 17, 2007 @11:32AM (#20637049)
    DHCP does a whole lot more than that.

    The reality of the situation is that stateless autoconfig in IPv6 is one way to get basic networking connectivity setup, DHCP is another. Depending on your situation, the phase of the moon, and any of a number of philosophical viewpoints held by the network admin, stateless autoconfig might or might not get used. *shrug* Even with stateless autoconfig, DHCPv6 might also get used to configure other information that is not handled by stateless autoconfig (DNS servers, NTP servers, any of a huge list of other things).

    The important point to remember, though is *2 YEARS*. That's how long we have until the IPv4 address space is fully allocated at the top level. It may take a little longer (months?) before people start really feeling any pain from that at the end-user level. But its the critically important point for people to realize. Can you be ready for IPv6 in 2 years? You need to be. If its gonna take you 2 years to get IPv6 functioning in your network, then you need to start *NOW*.
  • Why Not Both (Score:5, Insightful)

    by maz2331 (1104901) on Monday September 17, 2007 @11:38AM (#20637145)
    Autoconfig is a nice default for something that "just works" without much need for an admin to plan out the network, and DHCP is great for tighter control where needed. What's wrong with having both options available?
  • Re:Whatever Works (Score:5, Insightful)

    by ajs (35943) <ajs@@@ajs...com> on Monday September 17, 2007 @11:40AM (#20637171) Homepage Journal

    Yeah sometimes cool features don't evolve into benefits. News? Not really.
    What's news is that we're still dragging our heels on IPv6. We dodged the bullet once by developing and widely deploying NAT and at the same time reclaiming large amounts of unused address space via switching core routing to CIDR. However, that trick only bought us a certain amount of time. As the world becomes increasingly connected, we're going to face the same problem again. Why are we waiting until it's a crisis to deal with it?
  • by Silver Sloth (770927) on Monday September 17, 2007 @11:40AM (#20637173)

    If its gonna take you 2 years to get IPv6 functioning in your network, then you need to start *NOW*.
    or have I got two years to configure the gateway between the corporate network and the internet? That's a much smaller task.
  • IPv6 isn't that good because DHCP has been updated to support IPv6?
    O.O *blink blink* O.O
  • The real reason... (Score:3, Insightful)

    by yogi (3827) on Monday September 17, 2007 @11:49AM (#20637309) Homepage
    IPv6 may offer a range of new features over IPv4, but realistically, people will move to IPv6 for one of two reasons

    1. They have run out of IP addresses ( remember the 10.0.0.0 private network is pretty big! )
    2. Everyone else is doing it.

    Option 1 is only really going to be a problem for the really big firms, and they will be really careful. All those Corporate apps need retesting with the new IP addresses, and that is a non trivial exercise ( think Y2K all over again!, except you could do it piecemeal ). It's a hard sell to the business : Mr PHB, we'd like to spend a large amount of money retesting all the applications in Globocorp to use a new IP numbering scheme. Nope, you won't get any business benefit.

    ISPs may force people of IPv6 at some point, but that's only been an issue in South Korea so far. Everyone else still has enough IP addresses right now.

    And until we get a critical mass of people going for Option 1, option 2 is a no go.
  • by TemporalBeing (803363) <bm_witnessNO@SPAMyahoo.com> on Monday September 17, 2007 @12:15PM (#20637725) Homepage Journal

    DHCP doesn't give a network admin any more control over a network, either. That's just a silly statement. How does having a server doling out IP addresses make it any easier to control a network? It's not a like a device *must* be set to use DHCP. It's not difficult to figure out what IP address ranges a DHCP server is not doling out and use that, even on IPV4.
    As others have said, DHCP does so much more.

    I run DHCP on my home network to setup: DNS, WINS, Gateway, IP Address, NTP (Time), and other services. I also use it to record MAC addresses for security reasons, and to easily grab them so that I can configure static IPs and DNS names for specific systems without having to ask people for their specific MAC (unless they're coming in wireless...then they need to to get access anyway...).

    Point is, it gives me an easy way to manage my network. And honestly, I was looking forward to playing around with IPv6 in the same manner on my home network (because I could, and wanted to experiment), but some things just aren't ready for it yet, and the lack of a DHCPv6 server (at the time) to manage the auto-configuring was an issue too.

    Additionally, I have played with IPv6 with its auto-config, which at least under Windows 2003 is a joke as it is a half-baked implementation that is just plain broke. Half the time it works, and half the time it doesn't. And when it doesn't, it is seriously borked, and breaks everything else too. (And I was only running a set of 6 systems (4 servers, and 2 clients) in my test network.) It took a lot of time to get systems reconnected when things failed out due to IPv6 addressing not working. Haven't tried it much under Linux yet...but I would still have Windows clients to support, and VPN and other software that would need supported. (Software I don't control the version or support on...work does.)

    Any how...DHCPv6 would have made supporting that test network a lot easier, and actually would have kept it functional. I cannot imagine what kind of problems admins will have trying to deploy IPv6 with auto-config on a larger network. (Imagine, your computer gets a new IPv6 address just because you rebooted...not make that your server and you could really screw up your network quickly.)
  • Re:Whatever Works (Score:5, Insightful)

    by ameline (771895) <ian.ameline@gmai[ ]om ['l.c' in gap]> on Monday September 17, 2007 @12:18PM (#20637785) Homepage Journal
    > Why are we waiting until it's a crisis to deal with it?

    Because that's just human nature -- we're all procrastinators -- some of us admit it -- others are putting that admission off.

    History is replete with situations where timely action would have saved piles of money and/or lives -- have we ever acted at the right time? No -- we wait until something like http://www.historyplace.com/worldwar2/timeline/dday.htm [historyplace.com] is necessary.

    So I think we can all safely predict that it will be a crisis before we do anything about it.

    And remember -- never put off until tomorrow that which can be put off until the day after. :-)

  • Re:Missing DNS (Score:3, Insightful)

    by Znork (31774) on Monday September 17, 2007 @12:39PM (#20638183)
    "VMWare had problems getting the guest to do the autoconfiguration instead of having the host do it"

    Could be a bridging issue with VMWare. As long as the virtualization software acts as an unfiltered bridge, v6 autoconf really should work.

    "instead of learning the lessons we all have in the past 10 years about the benefits of small layer-2 islands connected with layer-3."

    I agree in part, but it depends on how you look at it. I think the idea is to use it as huge, very sparsely populated layer-2 islands connected with layer-3. And with the default being a /48 per end site, you get 65k subnets per end network (enough for most corporate subnetting purposes). Which does feel like a certain level of overkill; I'm not sure I'll really need 65 thousand internets worth of addresses for my home network in the immediate future.

    I think they did design it with such levels of waste in mind tho, so one can see it more as an indication as to the reason for using such a rediculously large address space.
  • by walt-sjc (145127) on Monday September 17, 2007 @12:55PM (#20638481)
    But what about the application protocols? That's what matters. We are not just talking "gateway", but a full-blown proxy that translates IPv4 / IPv6 sessions / protocols. Then there is encryption that is built-in to IPv6 which makes this MUCH more difficult.

    IMHO, this "much smaller task" isn't quite so small anymore. In fact, it's massive.

    IPv6 enabled machines talking to "legacy" IPv4 applications / services is a TRIVIAL task compared to the other way around.
  • Re:Whatever Works (Score:4, Insightful)

    by el americano (799629) on Monday September 17, 2007 @12:59PM (#20638587) Homepage
    Why are we waiting until it's a crisis to deal with it?

    Because until it's a crisis, you can't get the money to upgrade. If current addressing is going to work for another week, then it costs nothing to stick with it. Call me when the crisis is imminent.

  • by dpilot (134227) on Monday September 17, 2007 @01:16PM (#20638921) Homepage Journal
    Because people learned the WRONG lesson from y2k.

    Nothing happened.

    So the accepted wisdom became that the whole thing was just an alarmist fiasco that chewed up a bunch of money unnecessarily. They don't realize that y2k was no problem precisely because of all the noise. A LOT of people did a lot of planning and a lot of work, and that all paid off in how few problems there really were.

    But the common man, and unfortunately the common leaders don't understand that. So now y2k was a so-called crisis, wasn't a problem, and we can approach our next so-called crisis without the extensive preparation we "wasted" on y2k. Oh boy!
  • by afabbro (33948) on Monday September 17, 2007 @01:45PM (#20639475) Homepage
    The important point to remember, though is *2 YEARS*. That's how long we have until the IPv4 address space is fully allocated at the top level. It may take a little longer (months?) before people start really feeling any pain from that at the end-user level. But its the critically important point for people to realize.


    Son, they've been saying that for 15+ years.

    Yes, there is a limit. But once IPV4 address space at the "top level" becomes scarce, it will be handled according to the rules of any scarce commodity - it'll become more expensive. That will encourage efficiency, free space from wasteful users, etc. Then we'll get close again, lather rinse repeat, etc. We will eventually hit the point of "full" but it's not like in September 2010 suddenly there will be no more routable IPs for the next system that needs one.

  • Too much magic (Score:3, Insightful)

    by sjames (1099) on Monday September 17, 2007 @02:06PM (#20639847) Homepage

    I'm not sure if autoconf and IPv6 addresses in general have too much or too little magic. Admittedly, these are in part Linux implementation bugs, but the kitchen sink nature of v6 sure isn't helping. If I can't reach anything by v6, I don't really care that I can secure my connection to nowhere with crypto.

    On the too much magic side, I announced 5001::/64 on my LAN at home as a test. Yet, when I try to go to a v6 enabled site, firefox tries to use v6 even though 5001::0/64 in no way impleis that I can reach 2001:: from here.

    On the too little magic side, some sites have more than one router (It's called a private network, some people don't care to splatter their private business all over the world). I tried setting that up with both overlapping and non-overlapping prefixes. Neither worked at all. The machines bounced from one to another so that they didn't even keep a consistant address. Good thing I had v4 so I could fix it without hopping from machine to machine. Possible good behaviours might have been:

    1. Just pick one and use it
    2. Actually assign both and just pick one when there is an overlap otherwise use the most specific route.

    The success or failure of v6 will be in client support. Nobody is going to accept a v6 only web server if clients can't reach it. Many of those clients have v4 only ISPs with dynamic IPs. They will not want their entire lan to renumber every time they get a new dynamic assignment. So, they will want a non-routable prefix for local to local traffic. Too bad the silly machines will try to use that for non-local traffic!

    Admins are often busy people. They don't want to devote their professional life to a v6 rollout, especially when practically nothing out there is reachable by v6 yet. If it's not dead simple it won't happen at all. I tried dead simple and as a result some sites became unreachable. I killed it again and they came back (falling back to their v4 addresses).

    Link local addresses don't seem to work AT ALL. I see the route but I get EINVAL if I try to ping.

    I suppose my next attempt will be to rip all the autoconfig stuff out of the kernel and implement a userspace daemon. It doesn't really belong in the kernel anyway. That's what initramfs is for.

    In general, this business of having to add one of 6, -6, -A inet6 or other junk to the command line or appending a 6 to the name of the utility has got to go. It's one thing to need a software update to handle v6, I can understand that older software might not even know v6 exists, but the v6 version has no excuse for not knowing v4 exists. ping6 192.168.2.1: unknown host.

    All of this tells me that v6 still has the status of a toy to play around with, not a supported standard ready for worldwide use. That's fine as far as it goes, but it's not exactly making people anxious to get on with the upgrade.

    It's been over a decade now. Let's quit pretending it's just inertia and try to address the real adoption barriers while there are still v4 addresses left.

    My advice:

    Just forget about scope. Prefix lengths are more than adequate for making routing decisions.

    Quit appending a 6 to everything (this is not marketing!). That includes structs and function calls in the library. For the most part, a v6 address as ASCII is distinguishable from v4. Likewise, in binary 4 octets followed by nulls or nulls followed by 4 octets is a v4 address. An app that won't run when the size of sockaddr_in changes was wrong to begin with. If you must, make -DV4ONLY use the old v4 only structs etc so broken source will compile and run. Done right, a number of old but well written programs could support v6 just by recompiling.

    Allow multiple router announcements and behave gracefully. Use the prefix that best matches the destination.

    Simpler handling of 6to4 and 4to6 translations. With so many people using APs and other routers for a broadband connection now, automatic en/de-capsulation in IPv4 can go a long way with very little configuration and a few simple rules.

  • by Anonymous Cowhead (95009) on Tuesday September 18, 2007 @11:23AM (#20652987)
    Heh, OSI "lost" for a number of reasons, but in my mind the chief reason is because their standards were designed by committees of vendors and telcos instead of users (i.e. people that wanted to build networks). Each participant tried to get his idea of networking defined as standard. Since the ideas varied quite a bit, and there was no consensus, nor experience from actual implementations, these differing ideas became "options". When vendors started releasing actual OSI compliant systems users quickly found out that with all the options at each layer (e.g. TP0-TP4) it was a miracle if any two vendors systems would interoperate. All the while the vendors claimed to be standard.

    So a big reason why OSI lost is because it wasn't a standard, it was a smorgasbord of of implementation options.

    If the OSI gang had had the sense to make their docs available free on the Internet, they might not have lost so badly.
    Think about that for a second and I think you'll find it as funny as I did. If the Internet existed for the docs to be available on, what then is the point of developing OSI? (Yes, I agree that the cost of specifications is an issue, and that the ISO charged way too much for OSI specs.)

Staff meeting in the conference room in 3 minutes.

Working...