U.S. Government to Adopt IPv6 in 2008 284
IO ERROR writes "The U.S. Government is set to transition to IPv6 in June 2008, according to Government Computer News: 'In the newest additions to the IPv6 Transition Guidance, the CIO Council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline. The latest additions, (MS Word) released in May, are a compilation of existing recommendations and best practices gathered from the Defense Department, which has been testing and preparing for the transition for years, the private sector, and the Internet research and development community.'"
Enough Detail (Score:5, Funny)
Re:Enough Detail (Score:5, Funny)
Actually, no, that document is the sample IPv6 address.
Re:Enough Detail (Score:2)
Deployed!?! (Score:3, Interesting)
Re:Deployed!?! (Score:5, Insightful)
The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.
Note how this works in re: MA trying to force open standards for anyone it does business with.
Re:Deployed!?! (Score:3, Insightful)
Good point, that worked really well with GOSIP [wikipedia.org] which is why we're all using OSI now.
What, we're not? Hmm.
Re:Deployed!?! (Score:2)
Besides, there is a huge difference between "alone" and "not having the majority with you."
Re:Deployed!?! (Score:5, Insightful)
The government will never be on its own, there are too many corporations sucking at its teat who will need to step into line.
Agreed. Who writes this stuff? ISPs already have management networks running IPv6 and big players like Comcast ran out of unique IPv4, for their cable modem pools and have completed their migration to IPv6. China is on the boat and most network gear deals with both just fine. How exactly is the US government going to be on its own here?
Re:Deployed!?! (Score:2)
Why do you think cray has already deployed IPv6?
Re:Deployed!?! (Score:2, Insightful)
USA, home sweet home (Score:5, Funny)
Re:USA, home sweet home (Score:4, Funny)
Just when I was getting to used to my old 127.0.0.1
Re:USA, home sweet home (Score:2, Informative)
There's no place like localhost??!!?!?!?!
Sorry, never heard that one before.
Perhaps you meant "There's no place like ~/"
Stats on IP usage? (Score:5, Insightful)
Re:Stats on IP usage? (Score:2, Insightful)
1.upto(254){ |a|
1.upto(254){ |b|
1.upto(254){ |c|
1.upto(254){ |d|
TryExploit '#{a}.#{b}.#{c}.#{d}'
}
}
}
}
And then have your zombies run this. The exploit would then run this. etc. etc.. and the Internet craps outs.
Aside: Yes, starting at 1 is wrong, but this is for demonstration pur
Re:Stats on IP usage? (Score:5, Informative)
Also, IPv6 NAT should never ever see the light of day.
Re:Stats on IP usage? (Score:3, Insightful)
Re:Stats on IP usage? (Score:3, Informative)
Geoff Huston (2003) [potaroo.net]
Tony Hain (2005) [cisco.com]
Re:Stats on IP usage? (Score:5, Insightful)
Re:Stats on IP usage? (Score:2)
So why is the US governmetn pushing something that can make it easier to run tools to circumvent government control ? That's what sets my spider-sense tingling. Add the tradition of senators trying to slip bad laws
Re:Stats on IP usage? (Score:5, Insightful)
-c
Re:Stats on IP usage? (Score:5, Informative)
Remember that a class A contains 16M addresses.
Re:Stats on IP usage? (Score:5, Informative)
As an example: In one well known red brick UK university you have to have a public IP address and you are not allowed to put kit behind a NAT even if that kit OS something esoteric and obsolete like the Silicon Graphics or AS1 that drives Bruker NMRs. As a result you have the choice to leave it unconnected which is a major annoyance as it is designed for network connectivity or to leave it at the mercy of the elements. This is done so that the "usage is not reduced" so that the overall university allocation is still justified.
While at it, IIRC the aforementioned Bruker as a class B which is not used for anything but to give semi-unique addresses to different components of Lab machinery which sit on internal networks worldwide. Classic abuse of public address space for what amounts to textbook RFC 1918.
IBM is holding 9.0.0.0/8 which it practically does not use, There is a huge block in the high
The only place where there is some IPv4 address shortage are the APNIC blocks. RIPE and especially ARIN still have plenty of address space to go around even without going and starting to ask people like IBM if they actually use those class As.
Re:Stats on IP usage? (Score:4, Insightful)
Setup a firewall, which is the proper way of doing it in the first place. The security benefits of NAT are incidental, not intentional. NAT also makes it difficult for network administrators to diagnose and isolate network problems.
Re:Stats on IP usage? (Score:3, Funny)
Whoa. Working from your document [iana.org], if this trend contiues they will next buy Apple, and then MIT. That would be a powerhouse indeed.
Although really, they should go the other way, buying Xerox and nabbing whatever the hell 14/8 is used for. Then they could have the world's only
Re:Stats on IP usage? (Score:3, Informative)
try this link. It is a logical analysis of the state of IPv4 address space (it is all
regards
Re:Stats on IP usage? (Score:4, Informative)
However, a more recent study [cisco.com] by Cisco and others argue that we might be running out of addresses as soon as 2008 if the current consumption rate holds up. And with major pushes for 3. world countries to enter into the tech sector, my guess is that it is not a totally invalid assumption. They also argue how long the reclaiming of existing class A (or
There are also lots of problem by using the D and E class networks for general putpose traffic, since the D class is classified as experimental and E as broadcast, and so it cannot be guaranteed that all equipment can handle these addresses or will even allow these addresses to be used, since previously it would have been a configuration mistake to use these (especially the D class) addresses...
Re:Stats on IP usage? (Score:3, Insightful)
2008? (Score:5, Insightful)
As the CIO Council and Office of Management and Budget help map out the June 2008 transition to IP Version 6, perhaps the biggest challenge is that they're entering unfamiliar territory.
In the newest additions to the IPv6 Transition Guidance, the council's Architecture and Infrastructure Committee has provided a list of best practices and transition elements that agencies should use as they work to meet the deadline.
So the government has a year-and-a-half to meet this deadline? Forgive the cynicism, but given that they have a loose set of guidelines and so many systems that would need conversion, I think they're being a tad optimistic. Kudos for trying this, but I won't be surprised when it takes until 2010.
Comment removed (Score:5, Informative)
Remember GOSIP? (Score:4, Interesting)
Computer industry vendors spent serious money preparing for the August 1990 adoption deadline.
They had to implement the ISO protocols or risk not being able to sell their systems to the government (always a major customer).
The revised date for adoption is never.
The worst part about doing government contracts was dealing with all the folks that say:
"We can't design this around TCP/IP, the government is mandating ISO."
Re:2008? (Score:2)
From years of working for the government in IT, I know that it is practically SOP to push some insane requirement on everyone, delay it a few times, and then go into panic mode when everything isnt 100% at the deadline.
This happens ALL the time.
Also, I didnt read the document detailing the agencies affected by this, but "US Government" does not mean everyone. It could simply be a few agencies that must meet this requirement. This probably also wont affect
What are the Downsides to IPv6? Anyone? (Score:4, Interesting)
If those of you out there who understand those issues could make a few posts here I would greatly appreciate it.
Thank you.
Re:What are the Downsides to IPv6? Anyone? (Score:5, Insightful)
I am not amazingly versed in this issue but several things stand out immediately to anyone who has a little networking experience.
I'm sure someone with a little more knowledge, and/or a little more imagination, can come up with others.
Re:What are the Downsides to IPv6? Anyone? (Score:5, Informative)
Uhh... what? One of the big advantages of IPv6 over IPv4 is that it will make routing *easier*, thanks to the hierarchical address space.
Re:What are the Downsides to IPv6? Anyone? (Score:2)
Re:What are the Downsides to IPv6? Anyone? (Score:2)
Re:What are the Downsides to IPv6? Anyone? (Score:5, Informative)
Additionally, there are less options in IPv6, making the logic to analyze a packet even more simple than for IPv4.
Random Google result:
http://www.cybertelecom.org/dns/Ipv6.htm [cybertelecom.org]
If you keep spreading FUD instead of doing a simple Google search we will never get IPv6.
Re:What are the Downsides to IPv6? Anyone? (Score:2)
Yes, and it is four times as long in IPv6 as it is in IPv4. I didn't think this was that complicated a concept. I do realize that other parts of the packet have been streamlined, but this is going to affect edge routers and layer 3 switches.
Re:What are the Downsides to IPv6? Anyone? (Score:3, Informative)
Yes, the address is four times as long, but since many checks for valid options can be removed and routing tables are going to get smaller, the additional overhead is small or non-existent, maybe even negative. What is a simple check of an address against a table of addresses with a (now fixed!) mask compared to the complex logic to verify the validity of 6 additional options?
Re:What are the Downsides to IPv6? Anyone? (Score:3, Informative)
The real issue is that IPv6 was supposed to provide a heirarchical address scheme to simplify routing, but hasn't actually done so. Global addresses are just a flat number. Site local addresses completely failed to address the issue, and have been deprecated without even a suggested replacement. Link local addresses aren't useful for much be
Re:What are the Downsides to IPv6? Anyone? (Score:2)
Did I miss a memo? Is there a psychic component to IPv6? Because if not, you have to do a comparison to identify packets your NIC will take off the wire. In the case of routers and other layer 3 devices, you will have to compare all packets to determine where they should go; For a non-routing system you can start with the least significant bits and work your way towards the MSB from there. Ei
Re:What are the Downsides to IPv6? Anyone? (Score:4, Interesting)
This means the number of tables for lookups is reduced by 1 and there is no need to do reverse lookups (so there is no latency in such activity). It is also central to the way IPv6 handles mobility, as it means (a) you're guaranteed there is an IP address available for you in the network you join, (b) the host part of the IP address will remain the same, only the network component will change, and (c) because only the network component changes, routers will be capable of re-routing traffic upstream to the new destination with zero packet loss.
(Most mobile IP uses forwarders, but IPv6 was designed from the start to have mobility within the protocol as far as possible and not as a hack.)
Re:What are the Downsides to IPv6? Anyone? (Score:3, Informative)
This is not correct; such a scheme would not support manually-assigned addresses, privacy addresses, or cryptographically-generated addresses. IPv6 has neighbor discovery (an
Re:What are the Downsides to IPv6? Anyone? (Score:2)
As a wise man once said, don't make assumptions - it makes an ass out of you, and umption. Making assumptions is one great way to create a big fat gaping security hole.
Re:What are the Downsides to IPv6? Anyone? (Score:5, Interesting)
There is also right now a huge disagreement going on in the background about how to multi-home in IPv6.
The presently-proposed model implies that only big ISPs (plans for at least 200 customers that you'll be allocating space to) can get their own IP space...everyone else has to get space allocated to them from bigger groups. This, predictably, is making the content providers and big enterprises very unhappy, because they're used to (and now require) multiple uplinks to differing ISPs.
The proposed fix for this problem, shim6, has been routinely savaged as a complete non-starter. That's mostly because it's proposing allowing each and every end host to make it's own decisions about what path to take, causing all sorts of uglyness for security devices and traffic engineering.
There presently is no good answer to this, which is why a lot of orgs are holding off on IPv6.Re:What are the Downsides to IPv6? Anyone? (Score:5, Insightful)
geographic addressing. it was unnecessarily denounced as anti-provider
and socialist.
Re:What are the Downsides to IPv6? Anyone? (Score:2)
Re:What are the Downsides to IPv6? Anyone? (Score:2)
Re:What are the Downsides to IPv6? Anyone? (Score:3, Interesting)
The practical upshot is that if the traffic is for that LAN, you need only test the 48 bits for the MAC address. If it is for a node further downstream, there will be a non-zero value in the next byte after your
Re:What are the Downsides to IPv6? Anyone? (Score:3, Informative)
Addresses are longer and harder to remember.
Packet headers are larger, so less data fits in each packet.
Multihoming still hasn't been sorted out.
Certain default configurations allow anyone to see your MAC address and thus track your computer more easily (but fixes for this are known).
Administration of a dual-stack network may cost almost twice as much as administration of a pure IPv4 network.
Re:What are the Downsides to IPv6? Anyone? (Score:3, Informative)
Re:What are the Downsides to IPv6? Anyone? (Score:2)
If people have no real world experiance with it, they're not going to be very good at deploying it for 1,000 army boxes. Most admins don't even know how to enable IP
Re:What are the Downsides to IPv6? Anyone? (Score:2)
Re:What are the Downsides to IPv6? Anyone? (Score:3, Funny)
That's amazing! I've got the same combination on my luggage!
Re:What are the Downsides to IPv6? Anyone? (Score:4, Informative)
IPv6 Adoption (Score:4, Insightful)
Digitac
Re:IPv6 Adoption (Score:3, Insightful)
Perhaps this is what it would take to get IPv6 in place - MS to say 'we will stop supporting IPv4 in a year's time'. Watch all the computer companies scramble to update their software (and hardware - obviously you'll need to buy the updated versions) and then it'll happen. Otherwise, we're going to be stuck with IPv4 for a very long time to come.
Re:IPv6 Adoption (Score:3, Interesting)
Think Windows Vista
According to Microsoft, Vista will have IPv6 installed and enabled pr. default and will prefer IPv6 over IPv4. Link is here [microsoft.com].
Re:IPv6 Adoption (Score:3, Insightful)
Re:IPv6 Adoption (Score:2)
10.0.0.0/8? It fits their "walled garden" business model perfectly.
Re:IPv6 Adoption (Score:2, Insightful)
Re:IPv6 Adoption (Score:5, Insightful)
Comcast exhausted the entire 10 net last year and are deploying IPv6 for their management addresses. Just check out their presentation at the recent NANOG (North American Network Operators Group) titled "IPv6 @ Comcast Managing 100+ Million IP Addresses" [nanog.org]http://www.nanog.org/mtg-0606/pdf/alain-durand.pd
Comcast, themselves, are saying the exact opposite of what you are claiming. They use private address space, but that's NOT the way it's going to stay. The address shortage is a pointed issue with them. They're already moving to IPv6. IPv6 to the customer is on the horizon.
You loose. Thank you for playing.
Re:IPv6 Adoption (Score:2)
Its funny. I remember when the US government/military _made_ the standards instead of being years behind adopting them.
I guess they are too busy spying on people and killing them to actually do any real innovation.
Re:IPv6 Adoption (Score:2)
Re:IPv6 Adoption (Score:3, Insightful)
I agree with your first point (about cable boxes) -- the boxes are as addressable right now as the cable companies want or need them to be. But this latter thing I disagree with. VoIP is notoriously difficult to pass through NAT (I'd bet that if you go onto some Vonage user forums, questions about NAT are all over the place), and represents a "killer app" for IPv6 as much as anything. UPnP has
Experiment with Teredo (Score:5, Informative)
Happy days.. (Score:3, Funny)
The NSA (Score:2, Funny)
Sorry. (Score:4, Funny)
What is the real date? (Score:2)
The real problem is unfunded mandates. Great mandate, but without money behind it, it ain't gonna go anywhere.
Flexible IP adresses (Score:2, Interesting)
The downside I can think of is that it will probably be slightly more work (and thus slower) for the machines on the net that reads the address on packets to send them in the right direction (I belie
Re:Flexible IP adresses (Score:2)
That's a big problem when designing hardware and efficient software.
Re:Flexible IP adresses (Score:2)
Re:Flexible IP addresses (Score:2)
I am suggesting a _new_ way here, not that we all suddenly append more digits to existing addresses and continue to call it IPv4.
As for "32-bit value" vs. "four 8-bit values", I must say I wouldn't see t
Re:Flexible IP addresses (Score:2)
Yes, of course it's of non-constant size. It will never be extendable if it requres a fixed size.
For reasonably sized addresses (say, less than 100 bits) I cannot imagine that it would add anything close to a whole millisecond to the processing of that address. I would rather set the tolerance level (for the time it takes to decode an address) much lower, actually.
Good news, bad news (Score:5, Insightful)
The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.
The bad news: Wait a minute. "Them?" Oh shit, it's the US government. I'm a US citizen. Argh, that's my expense. D'oh!
Re:Good news, bad news (Score:3, Interesting)
The good news: long term, I think IPv6 is desirable. Thus, I like seeing a large organization pave the way. Let them get the kinks out. Let them find out what all goes wrong. Let them blaze the trail so we can ride on their coattails. Let them incur the big expense.
Several others have already stepped up to the plate and have implemented IPv6. Here are some notes [merit.edu] asked when Comcast did their presentation at NANOG about how their IPv6 migration of their cable modem pools worked.
It's a trap! (Score:3, Funny)
Good luck (Score:3, Interesting)
Re:Good luck (Score:2)
It's quite ridiculous that you're still using your old and outdated system.
Monitoring Coup (Score:2)
I guess someone upstairs finally figured out that it's easy to track people on the net when they don't move. If everyone has their own addresses, no need to ask the isp what it is anymore, huh?
At the same time, dodging servers and going directly to your friends with encrypted comms will get easier too?
By biggest question on if this is ready is.. (Score:4, Interesting)
IPV6 definitely has been around for many years now, but none of the windows firewalls I've downloaded seemed to have any kind of configurations for logging or filtering ipv6. Sure that's 2 years away, but unless I overlooked a firewall (there are so many for windows) or they use some kind of open source package that probabbly has ipv6 firewall capability already. i have to wonder how they're going to keep secure.
Re:By biggest question on if this is ready is.. (Score:3, Informative)
And besides, I wouldn't connect Windows directly to the network in any case. It likes to trip over and salivate like a small child. Better use a real system to protect it.
Ada and waivers (Score:3, Interesting)
perspective (Score:2)
If one would want some empirical perspective on how much impact this has on the world in general... the U.S. government adopted a best-practices and recommendation for computer contracts in the late 80s requiring all systems be POSIX compliant. While you can make the technical argument NT/XP is POSIX (.1), it's hardly a nudge in the direction technology decidedly went (i.e., Windows became dominant anyway).
I'm a bit surprised (Score:3, Interesting)
There's also always a lot of FUD spread around this matter, and one can find it even in this topic, for example IPv6 increasing routing complexity. IPv6 uses hierarchical address ranges *and* is modularized so there's not just less complexity, but even less *traffic* to route unless using more advanced features of IPv6. After the transition, IPv6 is better for your routers.
NAT's also seem to be a common enough argument against IPv6 that someone should have written a damn "Why NAT's won't solve address space issues" FAQ to uninformed people already. There is something similar [circleid.com] enough for that though.
Anyway, instead of just ranting, here's a document [tcpipguide.com] about some of the changes IPv6 makes. Maybe especially this part [tcpipguide.com] is educative to some.
Re:The first (Score:2)
Re:The first (Score:4, Interesting)
You think that's bad. This article mentions getting info to transition to it from the US DoD....and this /. article is the first time I've heard anything about the DoD pushing to transition to IPv6!!!!
Heck...we're rebuilding systems from scratch in some cases post Katrina, and yet nothing is mentioned to us about trying to do anything with IPv6.
Re:The first (Score:2)
Re:The first (Score:5, Informative)
Where did DavyGrvy mention turning off IPv4? They work together, you know. Do even Slashdotters not understand that adding IPv6 to a network does nothing to reduce IPv4 connectivity? It's win-win.
IPv6 tunnels over IPv4. IPv4 tunnels over IPv6. Machines running IPv4 can talk to machines running IPv6. Machines running IPv6 can talk to machines running IPv4.
IPv6 still has issues, to be sure, but interoperability with IPv4 isn't one of them.
Re:The first (Score:2)
Comcast IPv6 Plans (Score:3, Insightful)
Re:The first (Score:2)
Yes, that was my first thought too. After all, if all the systems need to be replaced, then that would be a great time to slip in DRM and various backdoors, now wouldn't it ?
Re:The first (Score:2)
Re:Ummm, why? (Score:2, Funny)
Re:Favorite part (Score:2)
There are 2^128 possible IP addresses with ipv6. That equals to 340282366920938463463374607431768211456
This means there will be aproximately 66713451548377005519 IP's per cm^2, which actually is 66713451548 billion IP's per cm^2, or aprox 66 Quintillion IP's per cm^2
Re:Favorite part (Score:3, Insightful)
With IPv4 there are users who could have a
With IPv6 you take the first 48 bit
Re:Favorite part (Score:3, Informative)
Oh, goodness me, are you ever off. Earth's area is 5.1e14 square meters [vendian.org]. 2**128 ~= 3.4e38. 3.4e38 / 5.1e14 = 6.7e23 IPv6 addresses per square meter. For square feet, call it 6e22 addresses per square foot. (1 square meter's pretty close to 10 square feet [google.com].)
So, you're off by a about 21 and a half orders of magnitude. That's not even close by a
Re:A simple question (Score:3, Informative)
If Slashdot bothered to get IPv6 connectivity, then yes.
I could do that for www.sixxs.net, www.kame.net and every host that already has IPv6 connectivity. So "we" are not getting anywhere with IPv6 because it doesn't work because the big sites don't bother because IPv6 isn't anywhere yet. Nice way to get nothing done ever.
If I send my buddies e-mail, most of the time everything is IPv6 only, including DNS lookups, although DNS transport over IPv6 isn't reall