Reply to post: Re: If IP6v hadn't been made so goddamn complicated...

Finally a reason not to bother with IPv6: Uh, security concerns...?

Blotto Silver badge

Re: If IP6v hadn't been made so goddamn complicated...

Most people moaning about the take-up rate for IPv6 do not have a clue about how organisations use IPv4 and the challenges they have moving. It's not all about connecting to Facebook or Google.

When your business systems have been built on IPv4, the designers, architects and programmers long gone, you're locked into legacy systems that barely function on IPv4 without an array of kludges, it's impossible to migrate that mess to IPv6. It needs a rebuild and no one wants to spend the money rebuilding something that works reliably. Permitting the public IPv6 access to your website is trivial in comparison and I imagine reverse proxies are already in place providing invisible translation.

IPv6 has many, many flaws, many of which could have been designed out if they bothered to learn IPv4's lessons or if it was developed later. The design of IPv6 looks like Ethernet protocol engineers took umbrage at TCP/IP and tried to make a better L3 that could replace L2, the original intent of course being for IPv6 to use the interface MAC address for the last part of its L3 addressing. The anti-NAT posture was relevant in the 90s but we have all moved on now and NAT is a valid mechanism for obfuscation and preventing unsolicited access across routed domains. Don't fall into the trap of believing a firewall is the great saviour. Firewalls protect badly configured systems from unwittingly exposing vulnerable connection sockets. If the application had proper security controls there would be no need for a separate system to protect it. A firewall configured to allow access will not prevent a vulnerable app from being compromised, fixing the buggy software does that. Hundreds of millions of phones and tablets that are used to process and store sensitive information are on the internet right now with no firewall and have not caused a huge security incident as they have not been compromised.

We need a better IPv6 or IPv8 or whatever, one that is backward compatible so the many thousands of internal legacy systems still work and takes into account the many lessons learnt in IPv4 that won't or can't be incorporated in IPv6, proper one to one NAT being the most obvious missing piece. Proper NAT goes a long way to migrating to a new system.
