Let the bidding begin!
I've got a block of IP4 stashed away for just this occasion... I'm looking for a fiver, can I get a fiver? Ten, give me ten, can I get a tenner... Sold to the man with the fat wallet!
North America has officially run dry of new IPv4 addresses, the numbers that computers use to find each other on the internet. This means the region can allocate no more of the 32-bit network addresses to web hosting companies, cloud providers, organizations and individuals: they're all taken. The space is full, and it's being …
The problem following on from bidding for tiny subnets will be the increased size of the IPv4 routing tables as what was previously a /20 gets returned and re-allocated as 16 /24s. Multiply that by a few thousand times and the 512k router-pocalypse of a couple of months ago will be a daily occurrence.
Hopefully an actual milestone that even a finance person can understand might be enough to get IPv6 takeup moving a bit more...
Icon: Beer (BeerV6 in 128 pint barrels of course)
I'll bet that Class A address holders are looking at their millions of IPv4 addresses and starting to tot up how much they might be worth:
126.96.36.199/8 General Electric Company
188.8.131.52/8 Level 3 Communications, Inc.
184.108.40.206/8 Level 3 Communications, Inc.
220.127.116.11/8 AT&T Services
18.104.22.168/8 Hewlett-Packard Company
22.214.171.124/8 Hewlett-Packard Company
126.96.36.199/8 Apple Inc.
188.8.131.52/8 Ford Motor Company
184.108.40.206/8 Computer Sciences Corporation
220.127.116.11/8 AT&T Global Network Services
18.104.22.168/8 Halliburton Company
22.214.171.124/8 PSINet, Inc.
126.96.36.199/8 Amateur Radio Digital Communications
188.8.131.52/8 Prudential Securities Inc.
184.108.40.206/8 US Postal Service
@Khaptain: you are exceedingly confused if you think ICANN could do this. The address space is managed by the Regional Internet Registries (such as ARIN) and it's their call how address transfers are managed.
There has been discussion from time to time (since about 1994 when this problem was first recognised) about charging per BGP-4 entry, but it's never proved practical. So the penalty for announcing a long prefix is that it will get filtered and your packets will arrive by a very round-about route or not at all.
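The two comments above on deaggregation (a returned /20 handed out again as 16 /24s) and on filtering of long prefixes can be worked through in code. This is an added example, not part of the original thread: the 198.18.0.0/20 block, the holder names and the /24 filter threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the common convention of dropping IPv4 announcements longer
# than /24, i.e. the "long prefix gets filtered" penalty described above.
MAX_PREFIXLEN = 24


def apply_length_filter(routes, max_len=MAX_PREFIXLEN):
    """Split (prefix, origin) routes into (accepted, filtered) by prefix length."""
    accepted, filtered = [], []
    for prefix, origin in routes:
        net = ipaddress.ip_network(prefix)
        target = accepted if net.prefixlen <= max_len else filtered
        target.append((prefix, origin))
    return accepted, filtered


def table_entries(routes):
    """Minimal table for the routes: adjacent prefixes can only be merged
    into one entry when they share the same origin."""
    by_origin = defaultdict(list)
    for prefix, origin in routes:
        by_origin[origin].append(ipaddress.ip_network(prefix))
    entries = []
    for origin, nets in by_origin.items():
        for net in ipaddress.collapse_addresses(nets):
            entries.append((str(net), origin))
    return sorted(entries)


# Constructed sample data: 198.18.0.0/20 comes from the benchmarking range
# and the holder names are placeholders, not real allocations.
BLOCK = ipaddress.ip_network("198.18.0.0/20")
SLASH24S = [str(n) for n in BLOCK.subnets(new_prefix=24)]

before = [(str(BLOCK), "original-holder")]                      # one holder, one route
resold = [(p, f"buyer-{i:02d}") for i, p in enumerate(SLASH24S)]  # 16 different holders
one_buyer = [(p, "buyer-00") for p in SLASH24S]                 # same space, single holder
too_long = resold + [("198.18.3.128/25", "buyer-03")]           # a /25 on top

if __name__ == "__main__":
    print("before resale :", len(table_entries(before)), "entry")
    print("16 buyers     :", len(table_entries(resold)), "entries")
    print("single buyer  :", table_entries(one_buyer))
    accepted, filtered = apply_length_filter(too_long)
    print("filtered      :", filtered)
```

The same address space costs one table entry or sixteen depending only on who holds it, which is the growth the first comment describes.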
Very many USA institutions and businesses have crazy big allocations when they only need dozens of public IP.
In reality the USA IP 4s are nowhere near exhausted.
The ONLY really good thing about IP6 is that we won't run out. It's a terrible design, that's why adoption is so slow.
....I'll bet that Class A address holders are looking at their millions of IPv4 addresses and starting to tot up how much they might be worth:.....
These class A ranges should not be held onto by these companies, they simply don't need them.
It is selfish to hold onto them when they could be used to benefit the whole internet.
Very many USA institutions and businesses have crazy big allocations when they only need dozens of public IP.
In reality the USA IP 4s are nowhere near exhausted.
If you understood the ways in which these organizations actually used the address space, you would never make such a closed-minded, selfish statement. I can't speak for most organizations, but HP has far more addresses than just the two /8s listed here and they use the vast majority of all their PI-space for more than just Internet-facing systems. Given the number of private, B2B-type connections that they have, there's little wonder why they use so much of it. That's not to say that they couldn't scale back their PI address usage, but it would force them to NAT even crazier than they already have.
Anon, since no one needs to understand why I can say these things.
Yes, I do. Badly, wastefully, insecurely and stupidly. For between sites they should only be using VPNs with 1 public IP per site.
I changed a small college from over 600 public IPs to 5. With a decent edge router it could have been one.
The main reason HP and most of the other large U.S. corporations have huge IP holdings is because they could, and that was the way that behemoths communicated so long ago.
Not so long ago the internet was really pretty private - a few companies and a few universities/research institutions. Not so long ago everything was transmitted through a few hubs around this country (US) in a totally insecure way. This has changed dramatically. Life moves on and usually gets better. HP, unfortunately, didn't move on very well.
>If you understood the ways in which these organizations actually used the address space
A big contributor to the problem are cloud datacenters/infrastructure that uses layers of physical and virtual networks (SDN) to deliver a service. Hence can be particularly greedy in their need for unique addresses.
"These people have never heard of NAT obviously."
NAT is a nasty kludge which seriously fucks up connectivity in a lot of cases. Just because it works at home (and even then there are problems with it) doesn't mean it scales to larger cases.
They have heard of it, usually tried it and backed off because of various issues.
I suspect the ISPs & services companies like L3, AT&T, PSI NET, CSC, IBM & HP, Halliburton need the vast majority of their networks for internal & inter connectivity. IP assignment is never not wasteful and nowadays each desk needs 2 addresses, 1 voice, 1 data in different subnets, and flat LANs should be outlawed with massive penalties and jail time, upping the addresses needed to run the network. A /8 suddenly doesn't look that big when you have hundreds of sites across the globe serving hundreds of thousands of staff, contractors and customers.
I know for a fact that some of these organisations are running large networks of public addresses inside their private networks. The reasons for this are purely historical, and if they were designing a completely new network from scratch, I'm sure they'd use private addresses. But it's very much not trivial changing over - it's not as easy (for HP say) as just replacing 16.x.x.x with 10.x.x.x on all internal devices.
I've got a client that uses 220.127.116.11/16 on a large part of their internal network. When they set up their first IP network, they got in a (not very clued up) external consultant and he arbitrarily decided to configure it that way. It works perfectly well (and is NATed to their own public address at the firewall), but one day someone will misconfigure a border device and cause a few problems (for them and whoever owns the real public address). They're gradually changing it to private address space, but it's a long process.
I once had to sort out a site that used 18.104.22.168/24 internally. That was fine when their external connectivity was X.25 to JANET, but I had to convert them to a public /24 when they joined the JANET IP Service because that range belonged to somebody in Brazil.
(This was almost twenty years ago - /me waves walking stick over Zimmer Frame. If I see that kind of stupidity these days, I usually ask "Have you got a note from your mum that excuses you from RFC1918A or something ?")
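The two comments above describe internal networks numbered out of public space that belongs to someone else, and the risk of that leaking through a misconfigured border device. One way to audit for it, as an added example that is not part of the original thread: the prefixes are constructed, with 203.0.113.0/24 standing in for the organisation's own public allocation.

```python
import ipaddress

# The three private IPv4 ranges reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(prefix, owned):
    """Classify one internally used IPv4 prefix.

    rfc1918        - inside private space
    owned-public   - inside a public allocation the organisation holds
    foreign-public - public space registered to somebody else
    """
    net = ipaddress.ip_network(prefix, strict=False)  # tolerate host bits
    if net.version != 4:
        raise ValueError(f"IPv4 only in this example: {prefix}")
    if any(net.subnet_of(r) for r in RFC1918):
        return "rfc1918"
    if any(net.subnet_of(o) for o in owned):
        return "owned-public"
    return "foreign-public"


def audit(internal_prefixes, owned_prefixes):
    """Return [(prefix, classification)] for every prefix in use internally."""
    owned = [ipaddress.ip_network(p) for p in owned_prefixes]
    return [(p, classify(p, owned)) for p in internal_prefixes]


def border_block_list(findings):
    """Aggregate the foreign-public prefixes into the shortest list of
    networks to deny at the border (and never announce) until renumbered."""
    nets = [ipaddress.ip_network(p, strict=False)
            for p, kind in findings if kind == "foreign-public"]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Constructed sample inventory (hypothetical site, documentation prefixes).
OWNED = ["203.0.113.0/24"]
INTERNAL = [
    "10.20.0.0/16",        # private
    "192.168.10.0/24",     # private
    "172.32.0.0/16",       # looks private, but is outside 172.16.0.0/12
    "198.51.100.0/25",     # somebody else's space, used as two /25s
    "198.51.100.128/25",
    "203.0.113.64/26",     # the organisation's own public space
]

if __name__ == "__main__":
    findings = audit(INTERNAL, OWNED)
    for prefix, kind in findings:
        print(f"{prefix:20} {kind}")
    print("deny at border:", border_block_list(findings))
```

The 172.32.0.0/16 entry is the easy one to miss by eye: only 172.16.0.0 through 172.31.255.255 is private.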
For some companies / situations it's advantageous to use globally unique addresses they own only internally, blocking ingress / egress access to those globally unique addresses at their borders & again internally & ensuring the networks are not in any global routing tables.
The internet was not meant to be NAT'd, NAT was an afterthought that had security benefits & makes the RFC 1918 addresses rather useful.
I've worked at several large organisations that use their unique /8 IP's as originally intended across their global operations. Sure they could retain a small fraction for internal use, cut over everyone to 10/8 and return the rest to the registrars, absorbing the cost (Network engineers, project managers, anyone managing any kit attached to a network need paying) of doing so themselves, or they could spare the cost and carry on, with the problem disappearing with the adoption of IPv6. IPv4 exhaustion is not their fault. The kludge of moving to IPv6 is not their fault either.
People started using ambiguous addresses (misnamed as private addresses) for exactly one reason: they couldn't get enough proper IPv4 address space, and IPv6 wasn't mature enough at the time. Now IPv6 is mature enough, and you can't even get enough proper IPv4 space to live with ambiguous address space inside the intranet.
Game over. IPv6 won.
I think you are possibly confusing 'physical' LAN connections (although they could be vLANs over a single cable) and connected devices, many of which tend to use WiFi. Given the rise of ubiquitous computing and the fact that many are preferring to directly attach devices to the network rather than tether them through their phones etc. I would allow for 4~6 per non-IT department user along with some allowance for visitors/guests/IT support which probably means 7~8 addresses...
I'm currently "desk sitting" at a client and have the following devices running:
1. Workstation - fixed LAN
2. VoIP Phone/voice - fixed LAN
3. My laptop - WiFi
4. My smartphone - WiFi
5. My iPad/tablet - WiFi
Yes, some devices such as iWatch's are tethered and hence 'lurk' behind another connected device. So handling a user's 'personal' device cloud is going to be complicated going forward.
And that will do nothing to make the uptake of IPv6 go any faster.
I'm betting that the market is going to hang on to IPv4 even longer than it did Windows XP.
Except for those pushing IoT crap, of course, but since it is crap anyway . . .
"Curran told The Register now is the time to move your website or organization over to IPv6"
Except that doing so brings no benefit.
Are you an access provider? Then you must provide IPv4 alongside IPv6 in order to connect your customers to the Internet. IPv6 gives your customers access to Google, Facebook and precious little else. There is no sanctioned way for IPv6 Internet to access IPv4 content. NAT64/DNS64 kind-of sort-of does it, except for those cases where it doesn't.
Are you a content provider? Then you must put your content on IPv4 alongside IPv6, otherwise 90%+ of the world won't be able to see it.
Therefore, deploying IPv6 does nothing to alleviate address depletion, since you are forced to continue deploying IPv4 anyway.
It is an utter mess, where the ivory-tower academics thought that instead of *extending* the Internet, they could just *rip and replace* the whole thing - with no compatibility between the two. And this strategy has failed, big time.
There are so many misrepresentations in that short post that it is hard to be succinct, sorry. TL;DR version: Wrong!
> access provider? Then you must provide IPv4 alongside IPv6 in order to connect your customers to the Internet
Yes, but you make it sound like that is a hard thing. Actually every ISP I know that provides dual-stack says it's easy. The very large providers prefer to provide IPv4 as a service over IPv6, and some are forced into 464XLAT (RFC6877) by the IPv4 address shortage.
> There is no sanctioned way for IPv6 Internet to access IPv4 content [except] NAT64/DNS64
That's kind of a backwards way of saying "NAT64/DNS64 supports IPv6 access to IPv4 content." Yes, it does fail in a few cases. So does NAT444. The same cases. Because the IPv4 Internet is out of f***ing addresses.
> content provider? Then you must put your content on IPv4 alongside IPv6, otherwise 90%+ of the world won't be able to see it.
Right, so you agree that 90%+ of the world will soon be on IPv6? Cool! And you're correct, content providers need to support IPv6 customers. Dual stack works, but if you want to be single stack, that's OK too: draft-ietf-v6ops-siit-dc will soon be here to help.
> deploying IPv6 does nothing to alleviate [IPv4] address depletion
Of course it doesn't. Nothing can alleviate it: it's a fact. Sorry if it's inconvenient.
> *rip and replace* the whole thing - with no compatibility between the two
That's simply a lie. Unless of course you have a new kind of mathematics in which more than 2**32 values can fit into 32 bits. If you do, please let us know. Or to say this another way: I've read every IPng alternative proposal since 1992, and none of them avoid the problem of needing either dual stack deployment or address type translation or both. All the rest is details.
I never understood why IPv6 didn't just work like this:
where any address that only supplied 4 octets would be assumed to have sent 00.00 for the first 2. I mean, how hard is that? You're not going to run that out any time soon and everyone can keep the ones they already have. You could even leave it in decimal notation if you like, it really wouldn't matter any.
It's always seemed to me that IPv6 is determined to solve a bunch of problems we don't have by adding new ones we don't want, which is why no one wants to touch it.
The problems with IPv6 aren't really address-space-related, but complaints about the massive shift away from IPv4 methods of neighbor discovery and auto-configuration. The 48-bit address space option that you listed was surely debated and those involved decided that they wanted to never again revisit the need for expanded address space. Yes, the addresses look a lot different and won't be so easily remembered, but the tradeoff is the eventual demise of NAT (and by eventual, I mean at least two decades from now, probably).
In your example, you would have only provided for growth of ~65000x, but there's more addresses than that already in use worldwide based on the massive oversubscription associated with RFC-1918 private addresses. The much larger, 128-bit address space of IPv6 guarantees centuries of address growth without another redesign of network addressing.
All that said, the other components in IPv6 are completely, totally gay.
@PM - In your example, you would have only provided for growth of ~65000x, but there's more addresses than that already in use worldwide based on the massive oversubscription associated with RFC-1918 private addresses. The much larger, 128-bit address space of IPv6 guarantees centuries of address growth without another redesign of network addressing.
Well - no. He's actually defined a system for extension that could be reworked in a few years as well - just add another pair of octets up front with a "if not present assume 00.00".
I thought the intent was to allocate everyone a /64 subnet - so the IPV6 space is only 64 bits in terms of public facing addresses anyway (internal networks should be fine, reducing the oversubscription factor, but we are only doubling the length of public end points).
It's probably fine, but who saw the growth in mobile devices - what is next? I don't know, you don't know.
Solve the problem you have now...
Every time I've looked to try and do IPv6 I've been hindered by the complete lack of useful things to interact with - to the extent that I can't be bothered any more.
"Every time I've looked to try and do IPv6 I've been hindered by the complete lack of useful things to interact with - to the extent that I can't be bothered any more"
And therein lies the real problem. The world (and it will require the world) won't get serious about IPv6 until several of the majors effectively commit commercial suicide and announce that as from ddmmmyyyy they will be barring IPv4 access to their public websites/server and the only access that will be supported going forward will be IPv6...
There is a slight variation on this scenario, which depends on how confident you are of your walled garden eco-system, so that you could make access to your eco-system IPv6 and only provide some "cheap and cheerful" gateway style access to the IPv4 world ie. stick two fingers up at net neutrality.
Unfortunately the people who ended up designing IPv6 came from the same stupid group who produced OSI. If it had just been designed by engineers then the simple design of adding two extra bytes would have been up and running long ago. (The original reason for the name of IPv6 was that the initial design (done by engineers) did just add two extra addressing bytes - then the design was screwed up by committees of idiots.)
No, what happened was that some of the people who've been in the trenches noted that IPv4 was getting long in the tooth in other, less-obvious ways (for example, the routing tables). Plus they were aware of the whole "640KB is enough for everybody" problem and wanted to make it as future-resistant as possible, so now you have two reasons why IPv6 was raised to 128 bits: to allow for much simpler routing schemes that can be done by a few broad rules rather than tons of narrow ones while simultaneously providing so much room that one would have to be wasteful in the extreme to run out of it in the foreseeable future.
The people who ended up designing IPv6 were very definitely not "the same stupid group who produced OSI". The IAB had pretty much decided that OSI CLNS was the way forward (it had, essentially, all the required features and working implementations), but there was an unprecedented outpouring of dissent from the IETF which almost led to the IAB having to resign. The IETF were determined to have a solution produced by them and although the result has some similar features to CLNS (which isn't surprising, as CLNS was essentially designed to be like IPv4 with some of the wrinkles ironed out) it definitely didn't come from the OSI crowd as they were very clearly personae non gratae.
So, triumph or disaster, this one is squarely down to the IETF.
Why do people have so many delusions about IPv6?
> the people who ended up designing IPv6 came from the same stupid group who produced OSI
Absolutely untrue. In fact the IPv6 designers specifically rejected OSI CLNP as the choice for IPv6.
> If it had just been designed by engineers
It was just designed by engineers.
> the simple design of adding two extra bytes would have been up and running long ago
It's true. And the deep problems we're facing today would be *exactly* the same - the need to translate between 32 and 64 bit addresses, and the need to support both (aka dual stack) in some scenarios. Also of course we wouldn't have got the actual benefits of the IPv6 design, but IPv4osaurs are incapable of seeing those.
> The original reason for the name of IPv6 was that the initial design (done by engineers) did just add two extra addressing bytes
Absolute bullshit. The reason was that the version code 5 had already been assigned. 6 is the next number after 5, all right? Also, Steve Deering's SIPP design was 128 bit addresses from the start.
> then the design was screwed up by committees of idiots
Most engineers are idiots from time to time, but you need to check your facts before spouting lies here.
Because whilst IPv4 has 4 segments, IPv6 would need 16 of them and it gets too hard to read.
You _can_ write IPv6 as aa.bb.cc.dd.ee.ff.gg.hh.ii.jj.kk.ll.mm.nn.oo.pp if you want. (hex or decimal segments), but you'll get sick of it in short order.
More to the point, even in your proposal, anyone using IPv4 can only see part of the address space and if you mean 48 bits with an extra 16 every so often the problem would keep repeating. It's better to make a large change now than lots of small ones as the disruption would be the same in either case so it's better to only have to do it once. (and as someone else has already pointed out, the world's IP address utilisation is already well beyond 48 bits)
For what it's worth, my current IPv6 address has my IPv4 address embedded in it (tunnelbroker services) and about 1/3 of my internet traffic is IPv6.
Be careful what you ask for, you might just get it:
Zen are also running a trial, and don't forget that some of the smaller "boutique" ISP's like AAISP and Aquiss already provide it as standard.
Commas were used for octal IP addresses as in 177,0,0,1. That still works on some systems.
The ; would have made command lines in unix very unfriendly and the - had been used for UUIDs. The / was adopted for network size options but the : was used for a port ID. I still think the , would have been a better choice.
@pompurin - Why couldn't they have used commas or semi-colon instead of the colon?
And why move to hex?
The number pad is a really nice way to type in addresses, only takes one hand.
A-F are all left handed, so that's kind of OK, until that pesky colon, which moves the right hand back again - and it leaves you tracking the address with eyes only, not a finger.
Of course the idea is to DNS everything, so we never need to type an IPv6 address - which is fine, how do I log in to fix the DNS server?
As for the IP addressing issue...I'd probably look at external IPv6 and internally stick with v4.
I would strongly suggest that you examine running dual stack. It will make the transition significantly easier, avoiding the need for DHCPv6 in the beginning.
Regarding the downvotes, I'm stunned that any forum posts don't register at least one downvote, given the typical manners of a regtard.
Best not worry about it and keep drinking.
Any ISP that has to allocate IPv6 prefixes to its customers will almost certainly have to offer a suitable router with pre-loaded firewall rules. Should be no problem with NICs - all OSs going back to Vista - even XP? - should support IPv6 out of the box.
I've run v6 for years but with a homebrew router. I was not impressed when my new TP link WA901 access point a couple of years ago had bugs with v6 on alternate SSIDs. Loading OpenWRT solved that problem. I think the day when the hardware manufacturers will have to provide and properly test v6 capability is now not too far off.
so when are the ISPs going to force all their clients to use IPv6 capable routers and NICs?
You mean when are clients going to force their ISPs to move IPv6. Mine has no plans in the foreseeable future, after all they have only been resisting introducing secure email for the last 7 or 8 years.
"so when are the ISPs going to force all their clients to use IPv6 capable routers and NICs?"
Surely given how few ISPs actually offer IPv6 and the issues noted by other commentors about the IPv6 backbone, the real issues are: when is the Internet backbone going to be fully dualled to the ISP's and when will ISP's have to offer IPv6 services.
Remember until the infrastructure and service is in place, there is little point in trying to 'force' a few billion consumers to upgrade.
"given how few ISPs actually offer IPv6"
That's a fairly uniquely British problem which will probably be rectified shortly after Ofcom agree that selling ipv6-less connectivity is not "full internet access" or one of the trading standards departments takes a stand on it as false advertising.
That's roughly what they did.
*Any* address size other than 4 bytes is going to break wire formats not only for IP but also for pretty much every transport protocol that goes on top, so 16 is roughly equal to 8 in this context. Then, having broken all other protocols (mainly in layer 4 but obviously also some address discovery protocols below and DNS stuff above) you have to specify exactly how you are going to repair them. So they did that, too, because they had no choice.
Another area where they had no choice was to produce *some* sort of 4-6 interop and (would you believe it) they did actually try the obvious solution (a special 12-byte prefix means an IPv4 address) suggested by three or four commentards here. Sadly this turned out to have issues and even if it hadn't, *any* interop solution requires changes to the IPv4 stack as well as the IPv6 one, so you are still faced with the question "How many times do we want to change the length of an internet address?". (Clue: the answer is "Zero, but if you put a gun to my head I'll do it once and fix everything whilst I'm doing it because there's no fucking way we will ever get this chance again.".)
Beyond that, the extra guff in IPv6 is a load of security which is optional but increasingly implemented in IPv4, some working multicasting which is again optional but almost universally supported in IPv4 routers, and zeroconf LAN configuration, which turned out to be such a good idea that people have tried to reinvent it for IPv4.
So I'm struggling to see what the problem is.
So I'm struggling to see what the problem is.
Shhhh!! Don't talk common sense and facts here! People want to hear more about how the absence of NAT means they can see exactly what device you're on and possibly its MAC address!
You are absolutely right though.
The 0::a.b.c.d IPv4-compatible IPv6 addresses were deprecated in RFC4291 section 22.214.171.124. IPv4-mapped IPv6 addresses (0::ffff:a.b.c.d) exist, work, but only exist so that an IPv6 socket can accept a connection from an IPv4 host.
Privacy extensions (default in Windows 7) mean that outbound connections can use a randomised IPv6 address so that the host just sees an address that corresponds to your network, not an individual host, just like the old days.
So it's pure FUD. A few tin-foil hatters that have their heads wrapped up a bit tightly.
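Because an IPv6 socket reports an IPv4 peer in the mapped form ::ffff:a.b.c.d mentioned above, address-based access rules on a dual-stack listener have to compare the embedded IPv4 address, not the IPv6 text. A sketch of that normalisation, as an added example that is not part of the original thread: the deny list and peer addresses are constructed from documentation prefixes.

```python
import ipaddress


def canonical(peer):
    """Parse a peer address and unwrap the IPv4-mapped form (::ffff:a.b.c.d),
    so an IPv4 host is always represented as an IPv4Address."""
    ip = ipaddress.ip_address(peer)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def _matches(ip, networks):
    # Only compare like with like: an IPv4 address never matches an IPv6 rule.
    return any(ip.version == net.version and ip in net for net in networks)


def naive_denied(peer, deny):
    """Rule check on the address exactly as the socket reported it."""
    return _matches(ipaddress.ip_address(peer), deny)


def denied(peer, deny):
    """Rule check after normalising IPv4-mapped peers."""
    return _matches(canonical(peer), deny)


def audit(peers, deny):
    """Return [(peer, canonical form, naive verdict, normalised verdict)]."""
    return [(p, str(canonical(p)), naive_denied(p, deny), denied(p, deny))
            for p in peers]


# Constructed sample data (documentation prefixes only).
DENY = [ipaddress.ip_network("192.0.2.0/24"),
        ipaddress.ip_network("2001:db8:bad::/48")]
PEERS = [
    "192.0.2.10",          # native IPv4 peer
    "::ffff:192.0.2.10",   # same host as seen by an IPv6 socket
    "::ffff:c000:20a",     # same host, mapped form written in hex
    "::192.0.2.10",        # deprecated IPv4-compatible form, not mapped
    "2001:db8:bad::1",     # native IPv6 peer
    "198.51.100.7",        # unrelated IPv4 peer
]

if __name__ == "__main__":
    for peer, canon, naive, normalised in audit(PEERS, DENY):
        flag = "  <-- rule missed without normalising" if naive != normalised else ""
        print(f"{peer:20} {canon:18} naive={naive!s:5} normalised={normalised!s:5}{flag}")
```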
What you're supposed to do in IPv6 is to maintain an internal network like you do before using Unique Local Addresses (fec0::/10) and let the firewall do the translating for you like it does now for NAT. If you change ISPs, the local addresses aren't affected, meaning you only have to reconnect the externally-facing ones. If you're worried about giving away your network topology by some slip, RFC4864 (Local Network Protection) provides for a way to scramble the mappings so that the topology from externally-exposed addresses differs from the local ones, meaning you don't give anything away.
But don't the IPV6 high priests denounce NAT?
The high priests invented NAT as a kludge around address shortages. Other use cases have been found for such facilities, and so they've been ported to IPv6.
In short, unless you're doing something very specialised, you probably won't have a need for it on IPv6 in much the way that you wouldn't have needed it on IPv4 if your internal network used public addresses.
It's not so much NAT that "the Gods" hate so much but one-to-many NAT, which breaks a fundamental tenet of the original Internet: end-to-end addressability. The proposed techniques are designed around one-to-one translation, which they don't have a problem with. It's the firewall's job to make sure only those you want to expose are allowed.
Re: "The high priests invented NAT as a kludge around address shortages."
I was under the impression that NAT was created by a bunch of renegades (ie. non-academic real-world engineers), who got it adopted and widely used before the high priests really understood what was happening.
But something like NAT was going to happen because of the rise of personal computers/workstations, where people instead of being tied to a multi-user system either via an RS232 cable (or a TELNET terminal server) session, gained local/personal processing power and hence became able to bypass the multi-user system gateway and directly access the outside world.
"But don't the IPV6 high priests denounce NAT?"
The kind of translation being done is 1:1 - each host inside the firewall gets a unique external address, so inbound connections don't break horribly.
Contrast to IPv4 NAT which is mostly used to translate many internal addresses to a single external one and offers some shielding to the internal hosts as a byproduct, but it's in no way shape or form a security layer or intended to be one.
"Beyond that, the extra guff in IPv6 is a load of security which is optional but increasingly implemented in IPv4, some working multicasting which is again optional but almost universally supported in IPv4 routers, and zeroconf LAN configuration, which turned out to be such a good idea that people have tried to reinvent it for IPv4.
So I'm struggling to see what the problem is."
Agreed, even implementing IPv6 on your own network when your ISP is lame enough not to support it is fairly easy. And once it's been set up it's pretty much fire and forget. For the happy diy types this link explains a lot: http://madduck.net/docs/ipv6/
" Then, having broken all other protocols (mainly in layer 4 but obviously also some address discovery protocols below and DNS stuff above) you have to specify exactly how you are going to repair them. So they did that, too, because they had no choice."
But this was a self inflicted injury and done knowingly!
Because the IETF didn't want anything to do with OSI; instead of simply taking the proven MAP/TOP crafted hack of the OSI protocol stack (which was basically an OSI version of TCP/IP, but vastly superior :) ), do some further refinements - which those running proprietary high-speed networks based on the OSI protocols had done to improve performance. End result a complete suite of protocols that worked together for very little extra effort!
Naturally, we are only looking at the IETF issues, only when an organisation switches over its network will it discover all those essential applications that contain IPv4 dependencies...
A migration from IPv4 to IPv6 is looking more and more like Y2K all over again but this time it is unlikely to be so painless...
> Because the IETF didn't want anything to do with OSI; instead of simply taking the proven MAP/TOP crafted hack of the OSI protocol stack (which was basically an OSI version of TCP/IP, but vastly superior :) )
Oh puhleease! MAP/TOP was the biggest load of **** in the whole dung heap of OSI. TCP over CLNP was a serious contender, but MAP/TOP? Never.
>TCP over CLNP was a serious contender, but MAP/TOP? Never.
The variant of CLNP considered was the MAP/TOP/GOSIP profile... Obviously one of the reasons why it was dropped was because once you implemented CLNS you then also enabled (pre-existing and working) non-IETF controlled upper layer protocol stacks that didn't have the uncertainties that IETF controlled upper layer protocols had...
Other than this MAP/TOP/GOSIP and OSI itself were pretty much consigned to history by 1990.
that one of the biggest hurdles to normal user adoption is the human one - the fact that IPv6 addresses are all but impossible to communicate accurately without having them cut-and-pasteable.
How often do you verbally transfer v4 address info? All the time, and it's done without a thought. Now think about reading that IPv6 address to someone - and getting it right at the other end. So they took a piece of information that's conveniently remembered and gets conveyed a LOT verbally, and pretty much guaranteed that could never happen again. And they wonder why there's pushback!
"How often do you verbally transfer v4 address info? All the time, and it's done without a thought."
What are you talking about? For the average Joe, a DNS entry does all the heavy lifting, and those who have to deal with the IP addresses are usually in a position (near a networked computer or phone) to transmit these in a copiable format.
You get used to the prefix, and the suffix can be anything you like within the constraints of the address format.
So 2001:db8::192:168:1:1/64 is perfectly viable.
Yes, the format sucks, but you get used to it. I should know, I've been doing it for close to 10 years now.
until you have to read it out over the phone to someone......at which point it becomes a fuckwit's wet dream
the format is totally totally totally nonsensical, nonintuitive and nonuseable and nonviable
Yes, a pain in the colon, decimal numbers would be longer though. Yet, we seem to manage with hostnames, some of which can be equally diabolical to quote over a telephone.
As it happens though, the problem you describe was not invented by the Gods of IPv6, but rather, predates computers. Try quoting a radio callsign over the top of a thunderstorm on the shortwave bands! At least a telephone is largely noise-free.
Two-thousand and one colon delta bravo eight etc … isn't that big a deal to quote over a telephone.
It's 10pm, the main router at remote site in Poland goes pop.
2am the remote hands arrive with the replacement router
3am it's racked, powered and awaiting an IP so can be remotely configured,
IPv4 is fairly trivial to convey the IP, IPv6 will be much harder to convey to someone who does not speak English.
IPv4 is fairly trivial to convey the IP, IPv6 will be much harder to convey to someone who does not speak English.
IPv4, IPv6, IPX/SPX, NetBeui, wouldn't matter, a language barrier is a language barrier. The problem you describe of quoting addresses is one that will disappear as people get familiar with the format and adopt strategies for transmission over a voice link.
One of those I've already mentioned: using an internationally agreed-upon code (phonetic alphabet) for representing the digits. This is an old problem that has been solved decades ago.
Plus, technology moves on. Any tech worth his salt is bound to have a cell phone: if for nothing else than to receive dispatches and so on while on the road. A text-capable device on hand means you can text the relevant information, which the tech can then easily read. And if he happens to be in a dead zone, odds are a reliable telephone will be difficult to locate also. Someone can just hike somewhere in range and go from there. That's what I had to do for the month or so I was in the sticks.
@x 7: "the format is totally totally totally nonsensical, nonintuitive and nonuseable and nonviable"
I think you mean:
"The format is totally, totally, totally nonsensical, counterintuitive, and unusable, and nonviable."
Your frustration is clear. So correct formatting is something you find challenging, that's okay. Maybe, though, you should take a moment to ponder before you blow your top at experts who have spent a long while and done a lot of consultation arriving at IPv6?
No, I meant exactly what I said. Otherwise I wouldn't have said it.
As for your suggestion that I should metaphorically doff my hat to experts, please don't talk crap. I've known enough experts over the years to know that in many cases their "solutions", however carefully thought out and appraised, have no real-world functionality or viability. As for "consultation"....in this case they obviously failed to consult with the people who have to use it
Probably because the world and their dog would complain that everything is broken if they had to view the world through a 6to4 translator shared in common with a few thousand other people.
It's all well and good having an IPv6 address, but until all the world's services are IPv6, it's going to break things if your house doesn't have at least one IPv4 address to itself.
Adding an IPv6 address and connectivity to your own website will bring benefits, he told us, because those networks tend to be less congested and more direct
Eh? It's the same network for the most part isn't it? Just a different protocol. I suppose it might cut out one NAT exercise but otherwise why would the routing be any different?
Actually, it's an indication of how IPv6 is failing.
If IPv4->IPv6 were a smooth transition, then the topologies would be the same and traffic would follow the same physical paths.
In practice, what happens is that many people who peer on IPv4 may not on IPv6, and vice versa.
In particular there is one Tier-2 backbone which for a long time has been trying to position itself as a Tier-1 on IPv6. It tries to persuade the genuine Tier-1's to peer with them; it even buys them cake.
But in order to get to this position, and generate lots of traffic through its network to make itself an attractive peer, it has been offering free peering and tunnel services to pretty much anyone anywhere. (Incidentally, if it didn't do this, much of the IPv6 world would be unconnected islands)
So in practice: it's not unusual to see a traceroute take one path, and a traceroute6 to take a different path, often via HE.
But that's an indication that many of the key interconnections are *not* doing IPv6, so the IPv6 is forced to take an alternative path, offered only out of the generosity of HE.
On the flip side, it means that if you are a paying customer of HE, there are large parts of the IPv6 internet you cannot reach (i.e. those parts which are on the Tier-1 backbones which refuse to peer with HE, cake or no cake)
Sounds like a mess? It is.
Actually, part of why IPv6 is faltering is because IPv4 is failing. Mainly, the very routing you describe is the problem. It's become about as tangled as the underbelly of a server room. The numbers don't correspond neatly to what exists physically, which means the routing tables become complicated: to the point the 512,000-entry size limit is coming into play. Part of the push to IPv6 is to try to disentangle this mess and make neater routing rules that don't require oodles of entries to accomplish.
*In particular there is one Tier-2 backbone which for a long time has been trying to position itself as a Tier-1 on IPv6. It tries to persuade the genuine Tier-1's to peer with them; it even buys them cake.
That post is _6_ years old. That's a long, long time ago now. I think we can all say things look rather different now: www.google.com/ipv6/statistics
It doesn't affect the fact that *today*, topologies for IPv4 and IPv6 are very different.
If you want to talk about traffic volumes:
- 7% of traffic volume from Google (a dual stack provider) is IPv6
- anecdotally, if you dual-stack an access network, about 40% of your traffic volume is IPv6. The rest is coming from single-stack providers of course.
- combining the two, this suggests around 3% of total Internet traffic is IPv6.
That's a pittance. It means IPv6 is still irrelevant, and there is little business reason for anyone to deploy it, when everyone you want to talk to is on the IPv4 Internet.
It's like the Boris Island Airport. Sounds like a great idea, but it won't actually get used unless they shut down Heathrow - and nobody wants to do that.
Does anyone know if simple CMS software such as Wordpress and Joomla are IPv6 ready? How well are we able to firewall this and monitor logfiles for intrusions and APT in progress? I recall from a certain project I'm not allowed to talk about that the extensible headers were considered a risk as they could carry a covert channel (and firewall software had at the time that I looked at this no way of filtering that out) - etc etc etc.
I know that I have at present both an IPv4 and an IPv6 address from my ISP, but I haven't seen the IPv6 show up yet other than at "whatismyip.com", and that was once. I actually have to check if IPv6 is still enabled (update: yup - which raises another question: just how far can an Internet user reach directly into the devices on my network?)
Last but not least, it means I have to come up with some form of mnemonic to memorise DNS IP addresses as they are a *lot* longer...
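Added example (not part of any comment in this thread): a minimal Python check for the extension-header concern raised above. It walks the extension header chain of a raw IPv6 packet and reports padding options that carry non-zero data, which RFC 8200 requires to be zero, plus options outside an allow-list. The allow-list, the `max_ext` limit and the sample packets are assumptions constructed for illustration.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXT_NAMES = {HOP_BY_HOP: "hop-by-hop", ROUTING: "routing",
             FRAGMENT: "fragment", DEST_OPTS: "destination-options"}
ALLOWED_OPTIONS = {0x05}  # assumed site policy: Router Alert only


def audit_options(body):
    """Walk the TLV options of a hop-by-hop or destination-options header."""
    findings, i = [], 0
    while i < len(body):
        opt_type = body[i]
        if opt_type == 0:                  # Pad1: one byte, no length field
            i += 1
            continue
        if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
            findings.append("truncated option")
            break
        data = body[i + 2:i + 2 + body[i + 1]]
        if opt_type == 1 and any(data):    # PadN data must be all zero
            findings.append(f"PadN with non-zero data ({len(data)} bytes)")
        elif opt_type > 1 and opt_type not in ALLOWED_OPTIONS:
            findings.append(f"option 0x{opt_type:02x} not on allow-list")
        i += 2 + len(data)
    return findings


def audit_packet(pkt, max_ext=3):
    """Return (upper-layer protocol number, findings) for one raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, offset, findings, count = pkt[6], 40, [], 0
    while nxt in EXT_NAMES:
        if offset + 8 > len(pkt):
            findings.append("truncated extension header")
            break
        # Fragment headers are fixed at 8 bytes; the others carry a length
        # field counted in 8-byte units, not including the first 8 bytes.
        length = 8 if nxt == FRAGMENT else (pkt[offset + 1] + 1) * 8
        if offset + length > len(pkt):
            findings.append("truncated extension header")
            break
        if nxt in (HOP_BY_HOP, DEST_OPTS):
            findings += [f"{EXT_NAMES[nxt]}: {f}"
                         for f in audit_options(pkt[offset + 2:offset + length])]
        count += 1
        nxt, offset = pkt[offset], offset + length
    if count > max_ext:
        findings.append(f"{count} extension headers (limit {max_ext})")
    return nxt, findings


def build_packet(first_type, chain):
    """Constructed input: fixed IPv6 header followed by raw extension headers."""
    addr = bytes.fromhex("20010db8" + "00" * 11 + "01")  # documentation prefix
    header = struct.pack("!IHBB", 0x60000000, len(chain), first_type, 64)
    return header + addr + addr + chain


# Constructed samples: one destination-options header, next header 59 (none),
# holding a single 4-byte PadN option.
CLEAN = build_packet(DEST_OPTS, bytes([59, 0, 1, 4, 0, 0, 0, 0]))
SUSPECT = build_packet(DEST_OPTS, bytes([59, 0, 1, 4]) + b"data")

if __name__ == "__main__":
    for name, pkt in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, audit_packet(pkt))
```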
It hardly seems like four years since I had the same thought about address exhaustion in this region. Since then, even home routers come with IPv6 support. The local Internet Society has regular events saying how everyone should switch.
Yet, last week I was contacted by a sales droid of a local ISP, "please switch to our business broadband", "what about IPv6?" I asked, and had to wait for senior sales droid to reply, "why would you want that?".
Either local ISPs are completely clueless, or they are desperately hanging on to charging increasing rates for tiny IPv4 static blocks, and want to charge a premium rate for IPv6 "early adoption" before the party's over.
are speaking from a technical point of view (elegant, clean, lots of addresses, ISP vs home users and so on).
Now what I'd like to see here is the same exercise but from a business point of view. Let's take a large multinational enterprise with global presence and lots of business critical 24/7 systems. Their internal connectivity works just fine but it will cost billions and will incur risks for their business line just because Internet runs out of public addresses. Imagine you have to present this project in front of a risk-averse board in the current economic situation.
How should you do it ? What would be the best approach ?
In my opinion, in their quest to make sure from the start that people will move to IPv6, the high priests of the new protocol have made the cohabitation between the two versions as difficult as possible. Dual stacking would not do the job since it implies the same effort, risk and costs which would hardly justify the benefits since Internet still works fine on IPv4. It seems it's the large internal networks that are holding back adoption of the new Internet protocol. Looking back, it now seems RFC1918 was not a good idea.
What would happen if ISPs simply turned on IPv6 for those who can use it, that is every home and SOHO running a supported Windows or OS/x system? That would free up a lot of IPv4 addresses.
Would that take the pressure off the large enterprises so they could make their changes at their leisure over the next 5 years?
That would free up a lot of IPv4 addresses.
No it wouldn't. It would just add an IPv6 address to the IPv4 ones.
Or are you suggesting giving out only IPv6 addresses? If only it were that simple, but it would break most home setups other than those simple ones using a modern PC to connect to Google and Facebook. Do you fancy setting up a hell desk to explain IPv6 to someone's Granny who just wants to know why the online shopping that worked yesterday doesn't work today?
What, for example, about all the devices I have on my internal network that are IPv4 only? Internet radio, satellite boxes, DTT STBs, NAS, etc.? Some are not that recent, granted, but they would still cost me a fair amount of money to replace, and some can't be replaced. They still need some way to reach their IPv4 peers.
If any ISP took that sort of unilateral action the only effect would be to send people scurrying to the competition.
At some point ISPs will have no more v4 addresses to hand out, either fixed or dynamic. At that point new customers will *have* to have a v6 prefix. The way I see that working to support legacy v4, both in the home and in the Internet is two bits of kit.
1) In the home, the router supports an internal v4 rfc1918 network that NATs to a specific v6 external addresses in the prefix range, so v4-only hosts can connect out. radvd or dhcp6 will identify v6-capable hosts internally that can just pass through the router/firewall. Although the v6 hosts would also get an internal v4 address from the router, DNS64 would make all their external traffic go via v6, and they would only use v4 to connect to internal v4-only hosts.
2) At the ISP, run proxies with a mix of DNS64, NAT64 & 464XLAT to manage the connection from v6 hosts in the home to v4 hosts on the Internet via temporary v6 addresses allocated at the proxy.
There are probably edge cases that don't fit this model but that happened with v4 NAT and handlers got built into the NAT gateway code. Similarly this will get solved here.
Unfortunately I have a suspicion that some ISPs will instead go the v4 carrier-NAT route (mobile operators have already done this, at least in the UK), which at this point is rather more mature:(
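Added example (not part of any comment in this thread): how the DNS64 and NAT64 pieces mentioned above fit together at the address level. It implements the RFC 6052 rule for embedding an IPv4 address in a NAT64 prefix, the reverse extraction a NAT64 gateway performs, and the DNS64 rule of synthesizing an AAAA only when no native one exists. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 well-known prefix
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def embed(v4, prefix=WELL_KNOWN):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052 section 2.2)."""
    prefix = ipaddress.IPv6Network(prefix)
    if prefix.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("NAT64 prefix length must be 32, 40, 48, 56, 64 or 96")
    v4 = ipaddress.IPv4Address(v4)
    # RFC 6052 section 3.1: the well-known prefix must not represent
    # non-global IPv4 space; only RFC 1918 is checked in this example.
    if prefix == WELL_KNOWN and any(v4 in net for net in RFC1918):
        raise ValueError("well-known prefix must not carry RFC 1918 addresses")
    out = bytearray(prefix.network_address.packed)
    pos = prefix.prefixlen // 8
    for octet in v4.packed:
        if pos == 8:          # bits 64..71 (the "u" octet) stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(v6, prefix=WELL_KNOWN):
    """Recover the IPv4 destination from a synthesized address (NAT64 side)."""
    prefix = ipaddress.IPv6Network(prefix)
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        raise ValueError("address is not inside the NAT64 prefix")
    raw, pos, octets = v6.packed, prefix.prefixlen // 8, bytearray()
    while len(octets) < 4:
        if pos == 8:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(octets))


def dns64_answer(a_records, aaaa_records, prefix=WELL_KNOWN):
    """AAAA answer set: native records win, otherwise synthesize from A."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [embed(a, prefix) for a in a_records]


if __name__ == "__main__":
    # Constructed lookup results for a v4-only and a dual-stacked host.
    print(dns64_answer(["192.0.2.33"], []))
    print(dns64_answer(["192.0.2.33"], ["2001:db8::1"]))
    print(extract("64:ff9b::c000:221"))
```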
In the home, the router supports an internal v4 rfc1918 network that NATs to a specific v6 external addresses in the prefix range, so v4-only hosts can connect out.
And what good will that do, since those hosts don't speak v6 and so won't be able to communicate end-to-end with v6 hosts on the network?
>And what good will that do, since those hosts don't speak v6 and so won't be able to communicate end-to-end with v6 hosts on the network?
Well it depends upon the amount of intelligence you envisage there being in the network and the extent to which end-to-end stuff depends upon actual IP addresses rather than domain names etc. But basically, the router becomes a man-in-the-middle/proxy/gateway. Yes some protocols, as they stand, won't work but is that really an issue given what most people use the Internet for and hence which protocols are most used?
The main downside is that I doubt the necessary processing power can currently be put into a router that retails for sub £60 that ISP's could give away for free... The other downside is that some of the protocols that get broken are quite useful...
And what good will that do, since those hosts don't speak v6 and so won't be able to communicate end-to-end with v6 hosts on the network?
The point is that the v4->v6 in the home router works in tandem with the proxy at the ISP to go v6->v4 again. The ISP could, of course, hand the v6->v4 function off to a third party if they are themselves a v6-only ISP (more and more likely in the future).
Now the 128-bit question. How does a device that can ONLY talk in IPv4 make a two-way connection with a device that ONLY has an IPv6 address? Odds are the answer is, "You can't." Which will become an issue as more and more places can't get IPv4 addresses, making devices obsolete that are impractical to replace.
The principles for relaying TCP/UDP packets between IPv4 and IPv6 endpoints are relatively simple, the following give a brief overview of key methods:
However, depending upon the exact protocols being used over TCP/UDP and application constraints, things may or may not work...
you would need some sort of IPv6 to IPv4 conversion somewhere to enable you to still connect to the old internet.
Let's face it, the standards people messed up with ipv6 by making it not back/forwards compatible with ipv4. IPv4 was fixed with NAT, IPV6 needs a similar conceptual fix to enable us to easily port off IPv4.
"Let's face it, the standards people messed up with ipv6 by making it not back/forwards compatible with ipv4. IPv4 was fixed with NAT, IPV6 needs a similar conceptual fix to enable us to easily port off IPv4."
The problem with backward compatibility was that IPv4 was getting long in the tooth and trying to bung it on meant bringing on all that baggage with it when one of the goals of IPv6 was to try to abandon that baggage like the complicated routing tables.
I see what the one commenter is trying to say: too many devices are both IPv4-only AND EOL (meaning no more firmware updates meaning forget about IPv6 compatibility) so are basically locked out of the IPv6 net and dependent on IPv4 addresses to work, DNS or not (plus things like IP radio routinely use raw IP numbers because of the amateur nature of many of the stations). If you don't have an IPv4 IP, the other end has no practical way to talk back to you (and you can't rely on a temporary IPv4 IP because that basically makes a one-to-many NAT from the opposite direction), meaning you're kinda stuck.
"where any address that only supplied 4 octets would be assumed to have sent 00.00 for the first 2. I mean, how hard is that? You're not going to run that out any time soon and everyone can keep the ones they already have. You could even leave it in decimal notation if you like, it really wouldn't matter any."
I think that could be possible in theory. Per wikipedia, "deprecated" method of supporting IPV4 is ::192.168.0.1 (so 00:00:00:00:192.168.0.1 to connect to 192.168.0.1). Recommended method is ::ffff:192.168.0.1 (00:00:ff:ff:192.168.0.1 for 192.168.0.1). This means ::0001:(IP) through ::fffe:(IP) are unused, it would be interesting if these could be allocated to the current IPV4 holders. That said, I don't know if there's an advantage. The sites would still have to support IPV6 anyway and it may well be that allocating fresh IPV6 ranges would result in having a much cleaner IPV6 routing table.
One thing that was running years back that really did use a pretty large block of IPs, it might have been MIT that was running this "internet telescope". If I recall correctly, they routed like a full /12 (about 1 million addresses) that had NEVER been used (they were allocated to the University for years but never actually used by them) onto this network, and just had a computer running tcpdump on it to analyze the results. (This computer did not have an IP in this range, and did not respond in any way, just passively log connection attempts). It was interesting, they analyzed what types of "bogons" (packets from invalid sources) came through, and were getting plenty of incoming packets from worms, viruses, and port scans.. enough that they could determine the scan patterns of these (like picking the "next" IP fully randomly, scanning a /24 at a time, scanning a few IPs out of a block then moving on to the next, scanning a few IPs out of a block then picking the next block randomly, and so on.)
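Added example (not part of any comment in this thread): a small Python sketch of the kind of analysis described above, classifying each source seen by a passive sensor by the order in which it touches unused addresses. The log format, the thresholds, the labels and every address are constructed for illustration; 10.16.0.0/12 stands in for the dark /12.

```python
import ipaddress
from collections import defaultdict
from itertools import groupby


def classify(seq, min_probes=4):
    """Label one source from its destination addresses in arrival order."""
    if len(seq) < min_probes:
        return "insufficient-data"
    steps = [b - a for a, b in zip(seq, seq[1:])]
    # Mostly +1 steps: the scanner walks addresses in order.
    if sum(step == 1 for step in steps) / len(steps) >= 0.8:
        return "sequential-sweep"
    # Otherwise measure how long the source stays inside one /24 before
    # moving on: several probes per block means it samples a block at a time.
    runs = [len(list(group)) for _, group in groupby(seq, key=lambda d: d >> 8)]
    if sum(runs) / len(runs) >= 2:
        return "block-sampling"
    return "random"


def classify_sources(lines, min_probes=4):
    """Parse 'timestamp src dst dport' lines and label every source."""
    targets = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of guessing
        _ts, src, dst, _port = parts
        targets[src].append(int(ipaddress.IPv4Address(dst)))
    return {src: classify(seq, min_probes) for src, seq in targets.items()}


# Constructed sensor log: three sources with different target selection.
SAMPLE_LOG = (
    [f"2015-09-24T02:00:{i:02d}Z 192.0.2.10 10.16.5.{i} 445" for i in range(1, 9)]
    + [f"2015-09-24T02:01:00Z 198.51.100.7 {dst} 23" for dst in (
        "10.17.1.10", "10.17.1.200", "10.17.1.57",
        "10.22.9.3", "10.22.9.77", "10.22.9.140",
        "10.19.200.5", "10.19.200.90", "10.19.200.31")]
    + [f"2015-09-24T02:02:00Z 203.0.113.99 {dst} 1433" for dst in (
        "10.16.1.1", "10.30.2.9", "10.21.77.3",
        "10.18.4.250", "10.27.9.9", "10.24.100.1")]
)

if __name__ == "__main__":
    for src, label in classify_sources(SAMPLE_LOG).items():
        print(src, label)
```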
I can't help feeling resisting IPv6 at this stage is a bit pointless, it's a done deal. What is the alternative, we go back to the drawing board and let the engineers design IPv7. Guaranteed it would have a ton of features people didn't want and then we'd have to rewrite all those network stacks and no doubt install a ton of new network equipment etc etc. There's no way that's going to happen it's IPv6 warts and all or we stick with IPv4 and come up with ever more obfuscated ways to divide up 4 billion addresses.
Personally speaking you'll have to pry my IPv4 address out of my cold dead hands but even I accept that one day I'll have to move to IPv6.
"What you're supposed to do in IPv6 is to maintain an internal network like you do before using Unique Local Addresses (fec0::/10) and let the firewall do the translating for you like it does now for NAT."
I'm glad you mentioned this. I kept wondering "If things go entirely IPV6, am I really going to end up with these routable IPV6 addresses, and have to set up firewall rules instead of just running NAT?", I didn't realize there was actually a solution for this. 8-)
I guess actually two -- the second, "unique local addresses", you can literally do whatever you want under fd:: and it should not be routed onto the public internet, so you either have NAT or no internet access. IETF urge you use a randomly generated fdxx:xxxx:xxxx:: network prefix, so for example if two businesses merged their networks they'd be statistically unlikely to have an address conflict.
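Added example (not part of any comment in this thread): the random-prefix recommendation mentioned above, following the RFC 4193 section 3.2.2 procedure (the low 40 bits of a SHA-1 over a timestamp and an EUI-64, prefixed with `fd`), with the collision estimate that makes a merger clash unlikely. It also labels an address by range: `fc00::/7` is unique local, while `fec0::/10` is the older site-local range deprecated by RFC 3879. Function names and the sample MAC address are assumptions made for illustration.

```python
import hashlib
import ipaddress
import math
import struct
import time

ULA = ipaddress.IPv6Network("fc00::/7")            # RFC 4193 unique local
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")    # deprecated by RFC 3879
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")


def eui64_from_mac(mac):
    """Modified EUI-64: insert ff:fe and flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def ntp_timestamp(unix_seconds):
    """64-bit NTP timestamp: seconds since 1900 plus a 32-bit fraction."""
    seconds = int(unix_seconds) + 2208988800
    fraction = int((unix_seconds % 1) * 2 ** 32)
    return struct.pack("!II", seconds & 0xFFFFFFFF, fraction)


def ula_prefix(mac, unix_seconds=None):
    """Generate a /48: fd + low 40 bits of SHA-1(NTP time || EUI-64)."""
    if unix_seconds is None:
        unix_seconds = time.time()
    seed = ntp_timestamp(unix_seconds) + eui64_from_mac(mac)
    global_id = hashlib.sha1(seed).digest()[-5:]
    raw = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(raw, "big"), 48))


def collision_probability(sites):
    """Birthday bound for `sites` independently generated 40-bit global IDs."""
    return -math.expm1(-sites * sites / 2 ** 41)


def scope(addr):
    """Name the range an address falls in, for firewall rule review."""
    addr = ipaddress.IPv6Address(addr)
    if addr in ULA:
        return "unique-local"
    if addr in SITE_LOCAL:
        return "site-local (deprecated)"
    if addr in GLOBAL_UNICAST:
        return "global-unicast range"
    return "other"


if __name__ == "__main__":
    # Constructed input: a MAC from the documentation range.
    prefix = ula_prefix("00:00:5e:00:53:01")
    print(prefix, scope(prefix.network_address))
    print(f"two merged sites collide with p = {collision_probability(2):.2e}")
```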
@ Henry Wertz 1
originally the last 64 bits were the MAC address of the workstation. Privacy concerns meant they had to change that.
IP addressing is designed and deployed to be hierarchical, it's of no use to have random addresses across the environment (the current situation on LANs with MAC addressing) as you won't know where to send the data when you have multiple subnets and sites. This is why IPv6 has provision for 16 or 8 bits per customer to permit customer subnetting.
IIRC, IBM's 126.96.36.199/8 isn't even advertised; and from memory the range is used by zOS / whatever they're calling it now for inter-mainframe comms on private networks. I understand they don't _need_ it, but allocating it to someone else and suddenly making it routable might cause... entertainment, shall we say, for zOS users :-D
Just checked with our web host and they don't support IPv6 and have no plans to support it in the foreseeable future. Thinking about it, it makes perfect sense - IPv4 becoming a scarce resource is an excellent business opportunity for hosting providers, who can start jacking up the prices. Why would they want to ruin this opportunity voluntarily?
Why does there seem to be so much fear out there around IPv6 and its adoption?
NAT was a horrible kludge bolted on to the original IPv4 design to give it a much needed longer lifespan.
Peeps continue to confuse NAT with security. I loved the post about if I move to IPv6 then I need to implement a firewall - you ALWAYS need to implement a Firewall. Firewall = security (or lack of it). At best NAT = obscurity.
I've been running IPv6 on a limited scale for years now and it largely just sits in the background chugging along - No I don't know what my IPv6 address is, but TBH I don't really care DNS is there for address lookup. I used to have a head full of phone numbers that now reside in the contacts app on my smartphone, do you really need to memorise IPv6 addresses?
Great Article on IPv4 Run Out. My opinion, is that with ARIN runout, there are no more “free IPs”. The low hanging fruit has already been sold. With large blocks, in observing the IPv4 marketplace, the low hanging fruit of Merck, Lilly, Dupont, and Nortel have seemingly mostly been sold. This means that the next available large blocks do not appear to be as free or available. The large blocks remaining to be sold either need to be re-IP’d, for which the sellers want more money, or the sellers have simply set a higher price threshold. Thus prices are on their way up.
Great article on the implications of IPV4 Run Out. I have some thoughts on IPv4 pricing published at http://ipv4marketgroup.com/ipv4-pricing-in-a-post-arin-runout-world/ To summarize: With ARIN runout, there are no more “free IPs”. The low hanging fruit has already been sold. With large blocks, in observing the IPv4 marketplace, the low hanging fruit of large blocks has mostly been sold. This means that the next available large blocks do not appear to be as free or available. The large blocks remaining to be sold either need to be re-IP’d, for which the sellers want more money, or the sellers have simply set a higher price threshold. Thus prices are on their way up.
What the hell is with El Reg these days, this is SUCH an old story - at least 4 years old. This is NOT ever going to be an issue, because those that want IPv6 must now agree to release ALL of their existing IPv4 before they will be granted IPv6. Thus opening up more IPv4 blocks, so they will never really go away much.
"This is NOT ever going to be an issue, because those that want IPv6 must now agree to release ALL of their existing IPv4 before they will be granted IPv6."
Then explain companies like Google who are dual-stack, meaning they have BOTH IPv4 AND IPv6 addresses. I'm pretty sure anyone who wants an IPv6 block won't give up their IPv4 blocks anytime soon for legacy reasons (otherwise, they'll be cut off from IPv4-ONLY customers where an end-to-end two-way connection is essential).
I enabled my home network for IPv6 some time back. I started with an HE-net tunnel before switching to an ISP that supported IPv6 natively. Once you've got it set up, it pretty much just works for any site that returns an AAAA record from a DNS lookup. The router is easy to configure too, default deny everything inbound but add a router entry for any inbound stuff that corresponds to an IPv4 NAT forward and you should be OK. As service providers configure their IPv6 and publish AAAA records, my usage of them will seamlessly switch over.
Most bits of kit I connect to the network seems to auto-configure IPv6 quite happily now, I have very few things that are IPv4-only.
My only gripe about it at the moment is that Comcast occasionally change the IPv6 prefix they assign, a bit like occasionally changing your almost-static IPv4 address. Then I have to go edit a bunch of DNS records to suit.
"Most bits of kit I connect to the network seems to auto-configure IPv6 quite happily now, I have very few things that are IPv4-only."
You're lucky, then, but many other people possess IPv4-ONLY hardware that are expensive to replace and too useful to abandon. What happens to those people who rely on this kind of hardware and no IPv4 address essential for them to function is at hand?
A number of years ago I received a call saying that we couldn't reach a well-known-museum-based-in-South-Kensington's web site from our internal LAN via our proxy servers but it worked fine from the wifi network on the campus.
After much head scratching & eventually getting hold of someone at aforementioned museum I discovered that they were using the same IP range for their internal network as had been allocated to us for our public addresses and therefore NAT addresses. Consequentially return traffic was being routed to their internal LAN and not back to us... This took quite a bit of explaining...
(The Wireless wasn't affected as it was on a different subnet)
Once I'd discovered this I could re-program the NAT router to use a different set of IP specifically for traffic to the museum while they set about a program to renumber internally. This work-around was fine until I had to hand back the address space that I was using for the work-around and the problem resurfaced.... (in fairness they'd only had 2 years to renumber at this point)
Biting the hand that feeds IT © 1998–2022