Kuro5hin.org: technology and culture, from the trenches

The Death of IPv6

By mybostinks in Internet
Mon Aug 25, 2008 at 12:51:59 PM EST

At some point in the near future the Internet will run out of IPv4 address space. This problem has been recognized and addressed since 1992. IPv6 (IPng, IP next generation) was selected as the replacement.

There is one big hurdle, however: no one is implementing it. In fact, my bet is that IPv6 will never be implemented, at least not with the current specification of IPv6. I predict IPv6 as it stands now will simply fade away.

IPv4 has a finite and quickly depleting address space. IPv4 has 2^32 addresses available or 4,294,967,296 addresses. The world population is around 7,000,000,000 people. It is easy to see that if every person on earth had a computer they could not have an IP address allocated to them. Not everyone has one now but then not everyone will need a computing device or their own public IP address. A vast majority of Internet users use NAT whether at home or at work and don't realize or care about it. Besides, some of us are IP address hogs. Many of us use more than a desktop computing device. I have a home LAN, a cell phone, VOIP and a GPS to name just a few. All these devices have IPv4 addresses. Most people that have these devices consider them critical to their lifestyle. At some point, someone will get the last IPv4 address or so it seems.

But we have IPv6. IPv6 has a definite advantage over IPv4. The main advantage is that it has 2^128 addresses or 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses...virtually an infinite number. Clearly then this solves the IP address problem. With these numbers you could have as many IP addresses as you wanted for every person in the world for now and in the foreseeable future. There are other advantages to IPv6 such as auto-configuration (mandatory), security (IPSec is mandatory) and many others related to engineering.

The problem is that not only are the big guys not migrating to it, but also no one has any motivation to use it. Currently, IPv6 traffic is .0026 per cent of IPv4 traffic. When was the last time you configured your desktop or notebook to go to an IPv6 web site? When did you last send or receive email via IPv6? When was the last time you used IPv6 ftp or connected to a game server using IPv6? Call your ISP sometime and ask them when they plan to start migrating users to IPv6. If your ISP helpdesk is like mine, the customer support person won't have any idea what you are talking about.

Google just recently implemented IPv6. ISPs, Telcos, Microsoft, Facebook, MySpace, K5 and Yahoo have not implemented it and have no working plans to implement it or migrate to it in the near future either. So why aren't they doing something about it? In short they're not or at best they have it running on a few servers.

Since henny penny announced that the IPv4 sky was falling there have been workarounds that have held off the total depletion of IPv4 address space. The most significant of these has been the use of NAT (Network Address Translation). It allows a large number of devices to share one IP address. Some but not all of the earliest adopters of the Internet have given back millions of IPv4 address blocks and these have been placed back into the pool of available addresses. Even so, available IP address space continues to shrink.

Everyone in Internet engineering agrees that something needs to be done. Not everyone agrees that IPv6 is the way to solve the problem. The most visible aspect of this is inoperability failure. Most Internet servers/routers/switches are not currently talking to IPv6 clients. IPv6 clients however are able to talk to IPv6 servers but at this point...so what?

U.S. government agencies, for example, had to be IPv6 compliant by June 30th of this year. This mandate, though met, did not say it had to be used, it just had to be IPv6 ready. The U.S. government agencies having met the goal, however, did not translate into significantly more IPv6 traffic to these government agencies. The U.S. and Europe own most of the IPv4 address space but Asia, which is the largest user of IPv4 address space, is also the largest user of IPv6. Even so, there is little to no content on IPv6 and therefore there is little usage of it. This fact alone is preventing migration to IPv6; no one uses it so why migrate to it.

The cost of migrating

The fundamental issue is that the specification states that IPv6 is an alternative to IPv4 when it should have been an extension of IPv4. For anyone providing content on the Internet to make IPv6 available they have to:

  1. Acquire IPv6 address space

  2. Configure DNS to announce the IPv6 names alongside IPv4 names

  3. Then configure all their public servers to answer to IPv6 as well as IPv4 requests.

In other words, businesses and consumers have to go through an extra expense and effort to transition to IPv6 and when they do, they receive no benefit in doing so. This also applies to the clients doing essentially the same thing and when they do, they have no immediate benefit either. Migration to IPv6 has to be automatic and transparent. Otherwise it will be a bigger problem than Y2K. There needs to be a universally accepted plan that when implemented will bring everyone that has a computer on board at roughly the same time. This is the big failure of IPv6 as it is today. There is every reason to do it countered by every reason to not transition to IPv6.

As it stands right now, who will be the first person to disconnect from the current IPv4 network where they can send and receive email, buy products and services via e-commerce sites like Amazon.com or Ebay, conduct searches on search engines, look something up on Wikipedia, surf for porn and do their personal banking? If that person decided to do that would he now be able to reach any of those sites?

The Address Translation solution

Address translation was a band-aid that was developed to address the IPv4 problem. Address translation and its subset port address translation however are only temporary solutions. It still puts off the inevitable. If you have a broadband firewall/router and a number of internal computing devices on your LAN you are likely using address translation. What this does is it allows a large number of devices to access the public internet with the same IPv4 address plus a port number. Each port number is different and is stored in a table in your firewall/router. When you receive an Internet response to your request the firewall/router then knows which computer to send the response to.

For years address translation has worked very well. The only problem is that it doesn't scale indefinitely. There is a limited number of ports. On your home network this isn't a problem. You are not going to use 65000+ ports even if you could connect every electronic device in your home. The problem arises with large enterprises or ISPs that use address translation. When it does, they request more IPv4 addresses and the depletion of IPv4 addresses, though slowed, still occurs. Address translation has delayed the inevitable to some point in the future.

The IPv4 'Stock Market': The next wave

There have been quite a number of discussions about buying and selling IPv4 addresses as a finite commodity. There are many users of IPv4 address space that have more IPv4 address space than they need. Here are a few holders of /8 CIDR blocks (each /8 consists of 16,777,214 public IP addresses). Some of these businesses and agencies might need this many but do they?:

General Electric - - 16,777,214 addresses

Level 3 Communications - - 16,777,214 addresses

United States Department of Defense - - 16,777,214 addresses - critical military use is on their own non-public networks

United States Department of Defense - - 16,777,214 addresses

Level 3 Communications (originally BBN) - - 16,777,214 addresses

IBM - - 16,777,214 addresses

United States Department of Defense Network Information Center - - 16,777,214 addresses

AT&T WorldNet Services - 16,777,214 addresses

Xerox Palo Alto Research Center - - 16,777,214 addresses

Hewlett-Packard - 16,777,214 addresses

Hewlett-Packard (originally DEC, then Compaq) - - 16,777,214 addresses

Apple Inc. - - 16,777,214 addresses

Massachusetts Institute of Technology - 16,777,214 addresses

Ford Motor Company - - 16,777,214 addresses

Computer Sciences Corporation - - 16,777,214 addresses

United States Department of Defense Network Information Center - - 16,777,214 addresses

United States Department of Defense Network Information Center - - 16,777,214 addresses

Chopped up between different Cable Networks - - 16,777,214 addresses

Royal Signals and Radar Establishment - - 16,777,214 addresses

United States Department of Defense Network Information Center - - 16,777,214 addresses

United States Department of Defense Network Information Center - - 16,777,214 addresses

United States Department of Defense Network Information Center - - 16,777,214 addresses

AT&T Global Network Services - - 16,777,214 addresses

United States Department of Defense Network Information Center - - 16,777,214 addresses

Halliburton Company - - 16,777,214 addresses

Merit Network, Inc. - - 16,777,214 addresses

Performance Systems International - - 16,777,214 addresses

Eli Lilly and Company - - 16,777,214 addresses

Amateur Radio Digital Communications - - 16,777,214 addresses

Interop Show Network - - 16,777,214 addresses

Bell-Northern Research - - 16,777,214 addresses

Prudential Securities Inc. - - 16,777,214 addresses

Department for Work and Pensions of UK - - 16,777,214 addresses

E.I. DuPont de Nemours and Co., Inc. - - 16,777,214 addresses

Cap debis ccs (Mercedes-Benz) - - 16,777,214 addresses

Merck and Co., Inc. - - 16,777,214 addresses

United States Department of Defense Network Information Center - - 16,777,214 addresses

United States Postal Service - - 16,777,214 addresses

SITA - Société Internationale De Telecommunications Aeronautiques - - 16,777,214 addresses

These are just a few. Some of the above are scheduled to give back blocks. But clearly there are companies and the Department of Defense that do not need that much address space. Do Merck, Ford Motor Company, Halliburton, Eli Lilly, Prudential Securities, etc. need that much address space? I doubt they do. The DoD alone has 167,772,140 public IP addresses.

The Final Solution: Let IPv6 Die

What I think should be done now is to scrap the IPv6 specification as it stands. Retain the useful parts of IPv6, form a new engineering group and come up with a sensible and workable plan that seamlessly transitions from IPv4 to something similar to IPv6.

I find it hard to believe that with all the world's brain power in this field, the only solution possible is the IPv6 specification that we have now. The current half-baked plan as it stands is doomed to failure and extinction or at best setting back Internet usage 10 years by creating isolated islands of content providers and users.

Requirements for a new plan should include the following:

  1. It should be a seamless migration to users of the public network. Waiting for the last IPv4 address to be used should not be an issue.

  2. It should be backwards compatible with IPv4 and extend IPv4 until the new IP address space is the only IP version being used. IPv4 should just fade away.

  3. It should be required and NOT available as an alternative. Everyone needs to jump on the bus.

  4. It should be easy to set up and be maintained by content providers. Running dual systems should not be necessary.

It's been 16 years since the problem has been addressed and very little to nothing has been done to migrate away from IPv4. We still have time to scrap IPv6 and come up with a more solid, reasonable and workable plan. The time to start is now.


The Death of IPv6 | 65 comments (56 topical, 9 editorial, 0 hidden)
Why do I care? (1.70 / 10) (#1)
by Kariik on Sat Aug 23, 2008 at 05:23:23 PM EST

Oh, right, I don't.

You seem to be submitting this to the wrong audience.

Any new system is going to require some work (2.00 / 2) (#5)
by Zombie Schrodingers Cat on Sat Aug 23, 2008 at 06:49:18 PM EST

and that costs money.

Now when they start charging money for an ipv4 address while the ipv6 address is free, that will provide businesses and individuals to spend the extra time/money to get ipv6 working.

it already costs money (none / 0) (#7)
by mybostinks on Sat Aug 23, 2008 at 07:09:19 PM EST

if you get a CIDR block from IANA for a portable address space.

[ Parent ]
this article is myopic and premature (2.55 / 9) (#9)
by lonelyhobo on Sat Aug 23, 2008 at 07:26:35 PM EST

The facts:
  1. DNS servers just started supporting IPV6 a couple months ago. This means that the infrastructure JUST got into place for companies to switch over.  And you've already got google, one of the leaders in what's "technologically fashionable" to switch.
  2. IPV4 is backwards compatible to IPV6.
  3. The IP address space is 2/3rds exhausted and expected to be completely exhausted nearabouts 2010.
  4. Most drivers/firmware for routers and critical network infrastructure IS ipv6 capable. This with #2 provide it will be a pretty seamless transition.  There will be problems, but there are problems in ANY transition like this.
  5. Requiring a transition like this will cause an even bigger mess than the Y2k freak-out.

NAT is not a solution.  And this article sucks balls.

Not correct (2.50 / 2) (#11)
by mybostinks on Sat Aug 23, 2008 at 07:50:19 PM EST

  1. My DNS server at work has been running IPv6 for several years and there have been very few lookups for any of our IPv6 addresses. The reason is no one uses it because content is minuscule on IPv6.

  2. Wrong...You cannot have an IPv4 only IP address (even if IPv6 is enabled on your computer) and go to a IPv6 web site for example, they are not backward compatible to IPv4. The only way you can do it is by going through a special gateway. Which one do you go through? When was the last IPv6 web site, ftp server or mail server that you visited or got email from?

  3. That may or may not be correct. Call your ISP and ask them when they plan to change over to IPv6 and how they plan to change over their customers.

  4. Yes nearly all computing devices are IPv6 capable but routing is only part of the problem. Content providers aren't providing content on IPv6 servers. If it were seamless then post the IP address of Google's IPv6 search engine and see how many users here can reach it.

  5. This will have to be forced not on the users as much as it will be need to be forced on providers. I stated that IPv6 as it stands now will be a bigger mess (or as big a mess) than Y2K.

[ Parent ]
yes, correct (3.00 / 4) (#13)
by lonelyhobo on Sat Aug 23, 2008 at 08:11:25 PM EST

  1. the GLOBAL nameservers, not the little podunk shitbox you're running for horsefuckers inc

  2. the words "IPv4 only address" is absolutely nonsensical, as all IPv4 addresses are represented in IPV6 directly.  You seriously lack an understanding of IPV6 if you don't get that.  You will need a special gateway for IPV4 devices that lack any understanding at all of IPV6, but you can't act like NAT is such a great solution while this is terrible when they're very similar in ideology.  No, as you said, I haven't received email from IPV6 nameservers, but as I said, there's still a whole 1/3rd of the IPV4 namespace free, so I don't expect anyone to give a good goddamn about IPv6 right now. This applies to your 3 & 4 too.

  3. Any infrastructure change of millions of people will be a mess.  There's no magic gumball and candy canes solution for the IP exhaustion problem.  Acting like there is or could be one shows that there is something fundamentally wrong with your thinking process.

[ Parent ]
YFI still (none / 1) (#15)
by mybostinks on Sat Aug 23, 2008 at 08:37:55 PM EST

  1. I don't run a podunk shitbox nameserver YUO DO.

  2. IPv4 IS NOT IPv6 period. Again post a cheesy website that I can go to now, I mean right now without going through an IPv6 gateway. Google has a search page in IPv6. It is unreachable unless I find a gateway for it. How many people do you suppose right now use an IPv6 gateway to do anything useful on the internet? If you read the article I stated that NAT is a band-aid NOT a solution. If you read the article, I imply that the sky IS NOT falling. Most users don't care about depletion of IPv4 space nor should they, it's not their problem.

  3. This is simply not true but a matter of opinion I suppose. I believe it can be done with little interruption. Technology created this problem and technology can provide a better solution than the CURRENT IPv6 specification.

[ Parent ]
you're a fucking disgrace to network administratio (3.00 / 2) (#17)
by lonelyhobo on Sat Aug 23, 2008 at 08:43:27 PM EST

  1. I do a little higher level of computer janitoring than network monkey.

  2. Do you not fucking understand human behavior?  While things are available freely we do not change.  Look at oil for an example of this you fucking moron.  And again, the infrastructure to make this kind of change was JUST PUT INTO PLACE A COUPLE MONTHS AGO.  FUCK.

  3. You must never, ever, ever, ever, EVER, had to make any sort of migration if you believe something this blindly ignorant and naive.

[ Parent ]
I ROR'ed (none / 0) (#18)
by mybostinks on Sat Aug 23, 2008 at 09:04:45 PM EST

OH! so you are accessing this via IPv6? ...Doubtful you will do it in the near future too.

Read this article: http://techdirt.com/articles/20080121/21182230.shtml and this one http://blogs.globalcrossing.com/ipv6-resistance. It clearly states that IPv6 is not useable by most users of the internet.

The way I see it, getting denied for a new IPv4 address and being given an IPv6 address block may be the only catalyst for IPv6 deployment in the LAN.  Early IPv6 deployments in the LAN that are forced due to unavailability of IPv4 addresses only will employ a NAT with external IPv4 addresses (or address), but they will function more or less identically as the use of RFC1918 space would.  IT Network Managers will have to decide if they go with an IPv6 implementation over the more familiar private address space.  They will have to use a NAT, because they are going to get stuck in this situation long before the Internetv6 is here.

As of today, finding popular sites that have deployed v6 to their web sites is extremely rare.  I did a little experiment with top of mind web sites.  As one would hope, ipv6.org resolves to an IPv6 address.  From there, I had a little more trouble.  By the way, "traceroute6: Non-recoverable failure in name resolution" means that no AAAA record was found, or in layman's terms, the site is NOT IPv6 ready.

In reality, I think that there will be a gap between #2 and #3, or when we run out of IPv4 addresses to assign and when all web sites and other servers have both IPv4 and IPv6 addresses.  Enterprises will deploy NAT to maintain connectivity to the Internetv4 rather than contact every web site admin to request they enable for IPv6, and the Federal networks will satisfy the mandate by being able to run IPv6 rather than take the giant step of actually turning off IPv4.  That, my friends, is the path of least resistance.

[ Parent ]
you must be desperate (3.00 / 4) (#20)
by lonelyhobo on Sat Aug 23, 2008 at 09:14:36 PM EST

trying to reference blogs trying to troll for hits as some sort of definitive source reeks of this.

Here's some links right back for you:

It seems I was wrong: it was six months ago

Only a billion IPv4 addresses left...

So we have something that's still readily available and the alternative just became possible to use natively.  And you're thrashing about like a foolish child about how we haven't started using IPV6 yet.

Dude.  IPv6 is a fine solution and will be transitioned to.  It will be ok.  Stop wigging out over whatever the fuck it is.  There will be hiccups.  It happens.  Chill the fuck out.

[ Parent ]

Meh (none / 1) (#21)
by mybostinks on Sat Aug 23, 2008 at 09:42:02 PM EST

[ Parent ]
Web gateway (none / 1) (#60)
by pyro9 on Mon Sep 01, 2008 at 03:58:28 PM EST

OH! so you are accessing this via IPv6? ...Doubtful you will do it in the near future too.

Normally, I wouldn't since I'm running a dual stack, but I CAN do so through the sixxs.org gateway should I need to.

A big reason for minimal support amongst servers was the practically non-existent support amongst clients. That was before Vista came with v6 (Teredo tunnel) enabled by default.

I really wish MS would release a new service pack for XP to auto-enable v6 there as well, but fat chance of that. It's easy to enable on XP as it is, but most users don't even know the option exists.

The future isn't what it used to be
[ Parent ]
I have to SIG this... (none / 1) (#31)
by mybostinks on Sun Aug 24, 2008 at 07:14:25 PM EST

it is magnificent.


[ Parent ]

6. (none / 1) (#48)
by FreakWent on Wed Aug 27, 2008 at 01:36:08 AM EST

One of the "fixes" to IPv4 address scarcity is CIDR, that annoying /24 notation that allows one to route fragments of non-contiguous address space all over the place.

It's already really really hard (i.e. expensive) to provide good speed at various backbone nodes as they must use massive routing tables (databases?) for correct handling of packets.  Instead of saying 16,777,214 addresses are all over there, or - are all in the USA, we have many entries of disjointed fragments.  I have a /29, with 6 addresses.  Somewhere the backbones need to track this just for my little LAN.

According to reps at an APNIC conference recently, it's not the lack of addresses as such that are the problem, it's handling the routing close to the cores of the network.

A free unregulated trade in addresses will make this problem [much] worse.  Loosely speaking, one of the great benefits of IPv6 is that it allows geographical (or at least routing) allocation so that a particular prefix will cover Japan and that's the end of the matter.

That's another reason why NAT is not a solution.

[ Parent ]

Couple of clarifications (none / 0) (#50)
by supine on Wed Aug 27, 2008 at 12:52:31 PM EST

...at various backbone nodes as they must use massive routing tables (databases?) for correct handling of packets.

It's not routing speed that's really the issue as most of that is done in hardware on the line card, not software on the CPU. My understanding of the situation you are alluding to is:

  1. Number of routes is proportional to memory requirements. The concern was that a lot of deployed hardware couldn't receive RAM upgrades and the routing table would exceed their capacity.

  2. Convergence time for the routing table. The larger the routing table, the more time the router takes to process updates to it.

I have a /29, with 6 addresses.  Somewhere the backbones need to track this just for my little LAN.

Probably not. Most networks ignore routes longer than /24 in order to minimise routing table memory consumption. Some even filter on the RIR minimum allocation boundaries which are usually at least a /22.

"No GUI for you! Use lynx!!!, Come back, One year!" -- /avant
[ Parent ]

CIDR (none / 0) (#59)
by pyro9 on Mon Sep 01, 2008 at 03:21:30 PM EST

CIDR exists, but for the most part is useless anywhere near the core. Practically no routers out there will accept a BGP announcement larger than a /24. That immediately relegates CIDR to cases where an ISP wants to sub-divide a larger allocation. ARIN will not hand out a /25 and even if they would, there'd be no way to get it routed.

A part of the problem is that in spite of the astronomical pricetag, many of the "big" routers consist of fast individual cards and absolutely anemic processors and memory for handling the routing table.

The future isn't what it used to be
[ Parent ]
something sensible and workable to replace IPv4 (2.50 / 2) (#10)
by rhiannon on Sat Aug 23, 2008 at 07:48:41 PM EST

It's called IPv6 terry, I don't know where you get your information from, but v6 is the future and everyone knows it, they are just waiting for someone else to do all the heavy lifting and make it easy for them.

I continued to rebuff the advances... so many advances... of so many attractive women. -MC
I think you misunderstood (none / 0) (#12)
by mybostinks on Sat Aug 23, 2008 at 07:58:00 PM EST

what I said was IPv6 specification as it stands is not workable. What I am saying is an engineering group needs to come up with a better plan. The plan they have now is not the only solution.

See this article Is IPv6 A Solution In Search Of A Problem?

[ Parent ]

you said that? really? (none / 0) (#19)
by rhiannon on Sat Aug 23, 2008 at 09:08:47 PM EST

I didn't see it anywhere, all I said was you saying: hey guys, there's no problem here, but we should do something about it anyway, oh and the solution that's been worked on for the last 15 years or so and that's already in use should be scrapped for something different.

I continued to rebuff the advances... so many advances... of so many attractive women. -MC
[ Parent ]
Oh OK I misunderstood you then... (none / 0) (#22)
by mybostinks on Sat Aug 23, 2008 at 09:43:28 PM EST

sorry about that.

[ Parent ]
Re-section to "Op-ed" (1.00 / 4) (#24)
by gr3y on Sun Aug 24, 2008 at 12:23:56 AM EST

and I'll vote section.

Otherwise, I'll vote to dump tomorrow, if I can, before this story posts.

I am a disruptive technology.

your point about compatibility is well made (none / 1) (#25)
by GrubbyBeardedHermit on Sun Aug 24, 2008 at 03:23:39 AM EST

I mean, it's as if this IPv6 thing was thought up by a bunch of pie-in-the-sky head-up-arse academic working groups or something

oh wait...


NAT gets a bad name (3.00 / 5) (#26)
by ccdotnet on Sun Aug 24, 2008 at 08:35:57 AM EST

I've never understood why so many techs consider NAT to be so evil. Even leaving aside the issue of address shortage, NAT made it very easy for an endpoint to connect multiple devices to a single Internet connection.

It's just so much easier for your ISP to give you one address "and do whatever you want internally buddy" than go to all the trouble of routing another block (not to mention making the customer technically justify having one).

The humble hardware-based NAT router gets a lot of bad press. Sure it's not an impressive security measure, but consider how less connected millions of devices in the home or small office (beyond the first PC) would be without one.

Likewise with host-headers and web hosting. Could you really be bothered assigning a new public IP to each and every web site you host? Of course not, you stuff them all on one IP except those which really need their own (SSL, etc).

Host-headers, like NAT, have played an important role in getting us to this point (global, common, ubiquitous), and not just because of address conservation.

IP v6 will happen when it happens - when it needs to happen and not a moment before. That's both human nature and network nature.

well, it's sort of a step backwards (3.00 / 6) (#32)
by Delirium on Sun Aug 24, 2008 at 07:23:37 PM EST

Something vaguely like NAT was the situation that IP was invented to replace: a bunch of separate networks that used their own addressing, making it very difficult for a machine on one network to talk to a machine on another in any reliable manner. IP was designed to allow routing from a computer on one network to one on another network, on top of whatever internal protocols each network uses, going through whatever gateways to/from each network you wish to set up.

NAT takes us back to the Bad Old Days, where it's hard to route packets between networks. Instead of an actually functioning addressing system that can route across network boundaries, you're back to a mish-mash of ad-hoc solutions, like port forwarding.

[ Parent ]

yes, but designed with zero security (3.00 / 3) (#36)
by ccdotnet on Mon Aug 25, 2008 at 02:55:38 AM EST

Your points are taken. I guess I'm not convinced end-to-end connectivity between these new devices (using public IPs) is at all desirable.

There's something about having private addresses which won't route "out there" in the cloud, and instead being dependent on deliberate NAT/PAT choices to "get out" and "back in again" that I prefer.

What happens when Little Jonny's PS3 has a public IP? (v6). Or your HTPC. Or your fridge? Yes a competent admin can protect these devices using the router's security, if they know how/bother.

But with a NAT/PAT approach, and private addresses on the inside, an incompetent admin (average punter) can also hook up a router without by default exposing their fridge to the world.

v4 or v6, I think we'll still use private addresses on the inside of home and small business networks. And on the growing fleet of 3g iPhones and other mobile browsing devices. You feel safe using a private address space, hidden behind your ISP/telco's firewall. Do you really want a publicly routable IP on the handheld itself?

I guess I'm not convinced we need the extra space.

[ Parent ]

you can get the same effect if you want (3.00 / 4) (#37)
by Delirium on Mon Aug 25, 2008 at 03:45:55 AM EST

All that NAT addresses being non-public buys you is that, by default, internal devices can't receive incoming connection requests, but can only initiate outgoing connections themselves, and then get routed packets associated with those existing connections. You can get the same effect by making the router default (at least for the cheapo home router) be "don't route incoming connection requests", except to whitelisted address:port pairs.

An advantage of that set up would be that if you do want to open things up, you actually can, whereas currently you cannot: with NAT, there is no way to route external connections to the same port on two internal machines, or to designate two internal machines as totally open and publicly addressable. If every internal machine had an IPv6 address, you could start with the "no external connection-request routing" by default, and then say "except for these two machines, it's ok".

[ Parent ]

consider the user (3.00 / 2) (#52)
by ccdotnet on Thu Aug 28, 2008 at 06:59:58 AM EST

You can get the same effect by making the router default (at least for the cheapo home router) be "don't route incoming connection requests", except to whitelisted address:port pairs

Yes, you can, and I can. But consider the skills of the person who deploys that home router. NAT gives them this (minimal) safety without demanding router literacy.

with NAT, there is no way to route external connections to the same port on two internal machines

In the vast majority (of home and small business examples), this isn't really an issue. Not many people have more than one internal SMTP, FTP, or Web server. Those few that do can always run their service on a different port: I see a lot of small networks where RDP is only listening on 3389 for the first PC, on the second it's 3390, the third 3391, etc. Once again, NAT/PAT does the job without major router surgery.

FWIW, the networks I deal with have two firewalls - the external "bastion host", followed by a DMZ for location of externally accessible hosts, followed by the internal bastion host/proxy which may or may not PAT to internal hosts as required. Old school.

Just want to clear that up lest I come across as some NAT zealot/nut.

[ Parent ]

oh, I agree the user shouldn't have to do it (none / 0) (#54)
by Delirium on Sat Aug 30, 2008 at 03:34:54 AM EST

I was proposing that in the Future World of IPv6, the same result as today's "NAT by default" effect can be achieved by the router manufacturers making the cheapo home-class routers be "firewalled by default".

[ Parent ]
NAT isn't intrinsically needed (none / 0) (#55)
by pyro9 on Sun Aug 31, 2008 at 10:51:40 AM EST

There's no reason you can't default to exactly the same level of protection using simple filters with IPv6. In fact, if you do it that way, the firewall is relieved of the need to do any sort of connection tracking for TCP at all. It can just drop all inbound packets that have the SYN flag set but not the ACK flag and pass anything else. With UDP, it still has to keep track of ports an inside host recently used and the destination address and port, but it doesn't have to maintain a map between external and internal port numbers.

In either case, the router is relieved of having to do packet rewriting (which becomes significant when the router is a little embedded device).

Then, to allow some inbound connections, instead of adding a translation rule (DNAT) where you mangle the destination port and IP inbound, and the source port and IP outbound, you can just add exceptions to the table to allow (for example) any connection to port 80 from any of X addresses. Again, the router isn't forced to do any packet rewriting to support those connections.

What happens when Little Jonny's PS3 has a public IP? (v6). Or your HTPC. Or your fridge? Yes a competent admin can protect these devices using the router's security, if they know how/bother.

A number of protocols (especially SIP for VOIP) are made much more complicated just because the software running on a host in the LAN can't know what address it will be coming from once the packets get translated. That's why they have to use a STUN server and hope/guess that your NAT setup isn't too strange.

If the router is even half decent (especially a device intended for home use), it will still protect them by default.

Finally, v6 simplifies security. If you have a report that a particular IP address from your network was trying to exploit a website, you can know exactly which machine it was. With NAT, you're probably out of luck because most firewalls do NOT log what translations are used for outbound traffic and even if they do, you'd have to match up the logged times from the target's logs against your own logs compensating for the possibility that one or both have their clocks set wrong. They don't tend to log that by a simple choice, it's mostly because if they did log everything they couldn't handle the load.

I guess I'm not convinced we need the extra space.

Years ago, if you needed a block of IP addresses, you just had to ask for it and you'd get a reply in about a day with no questions asked. Now you have to endlessly justify the need for each and every one. I suppose next year you'll have to submit to a colonoscopy as well. We ARE running out of IPs. NAT doesn't help when you need to support servers on standard ports (and DNS doesn't support a way to use non-standard ports).

Do you really want a publicly routable IP on the handheld itself?

With the crap they pass off for firmware on the ones available today, not in a million years. If I can load my own firmware, then yes, I do. It'll never happen though since cell providers in the U.S. would rather die a thousand deaths than allow their customers to get a milli-cent of value out of their phones without a billing event to match.

The future isn't what it used to be
[ Parent ]
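The filter described in the comment above, modelled as an added example (not code from the thread): inbound TCP is judged only by its SYN/ACK flags, UDP replies are matched against recently seen outbound flows, and inbound exceptions are plain allow entries with no address rewriting. The class and function names, the 30-second UDP timeout and the 2001:db8::/32 documentation addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SYN, ACK = 0x02, 0x10      # TCP flag bits
UDP_IDLE_SECONDS = 30      # assumed lifetime of a remembered UDP flow


@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: int = 0         # TCP flags byte, unused for UDP


class EdgeFilter:
    """Default-deny inbound filter for a routed (non-NAT) IPv6 LAN."""

    def __init__(self, inside, exceptions=()):
        self.inside = ip_network(inside)
        # Exceptions are (proto, inside address, port): allow entries, no DNAT.
        self.exceptions = {(p, ip_address(a), port) for p, a, port in exceptions}
        self.udp_flows = {}    # (inside, iport, outside, oport) -> last seen

    def handle(self, pkt, now):
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        if src in self.inside:                       # outbound: always pass
            if pkt.proto == "udp":                   # only UDP leaves state
                self.udp_flows[(src, pkt.sport, dst, pkt.dport)] = now
            return "pass"
        if dst not in self.inside:                   # not ours to forward
            return "drop"
        if (pkt.proto, dst, pkt.dport) in self.exceptions:
            return "pass"
        if pkt.proto == "tcp":                       # stateless: flags only
            new_conn = bool(pkt.flags & SYN) and not (pkt.flags & ACK)
            return "drop" if new_conn else "pass"
        if pkt.proto == "udp":                       # must mirror a recent flow
            key = (dst, pkt.dport, src, pkt.sport)
            last = self.udp_flows.get(key)
            if last is not None and now - last <= UDP_IDLE_SECONDS:
                self.udp_flows[key] = now
                return "pass"
            self.udp_flows.pop(key, None)            # expired or never seen
            return "drop"
        return "drop"


def demo():
    """Run constructed packets through the filter; returns (label, verdict)."""
    fw = EdgeFilter("2001:db8:1::/64", [("tcp", "2001:db8:1::80", 80)])
    host, web, out = "2001:db8:1::10", "2001:db8:1::80", "2001:db8:ffff::53"
    steps = [
        ("tcp SYN to host:22", Packet("tcp", out, 50000, host, 22, SYN), 0),
        ("tcp SYN+ACK to host", Packet("tcp", out, 443, host, 50001, SYN | ACK), 0),
        ("tcp bare ACK to host", Packet("tcp", out, 443, host, 50001, ACK), 0),
        ("tcp SYN to web:80", Packet("tcp", out, 50002, web, 80, SYN), 0),
        ("udp unsolicited", Packet("udp", out, 53, host, 40000), 0),
        ("udp query out", Packet("udp", host, 40000, out, 53), 1),
        ("udp reply in time", Packet("udp", out, 53, host, 40000), 2),
        ("udp reply wrong port", Packet("udp", out, 5353, host, 40000), 3),
        ("udp reply after idle", Packet("udp", out, 53, host, 40000), 100),
    ]
    return [(label, fw.handle(pkt, t)) for label, pkt, t in steps]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{verdict:4}  {label}")
```

The bare ACK passes because the TCP rule keeps no connection state; that is the trade-off of judging packets by the SYN-without-ACK test alone.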
the only way we adopt ipv6 (1.66 / 3) (#27)
by circletimessquare on Sun Aug 24, 2008 at 11:29:19 AM EST

is if some governmental body, like the fcc, mandates it, like it does the upgrade to hdtv in feb 09 for the usa. after that time, 4:3 televisions just stop working

of course, for the internet, there is no such governmental body, so there is no one who can enforce the switch

without an authority to enforce the switch, it doesn't matter that ipv6 technology is better, the network effect keeps ipv4 entrenched and inert

The tigers of wrath are wiser than the horses of instruction.

Government-mandated switch (none / 0) (#45)
by molo on Tue Aug 26, 2008 at 06:05:06 PM EST

One way this can happen now with the current regulation scheme is that the government can go IPv6 on their own servers.  Everyone in the US needs to look at .gov at some point or another, so all ISPs will have to go dual-stack.

Consider a timeline like this:

  • January 2010: all new .gov sites must be dual-stacked
  • January 2011: all existing .gov sites must be dual-stacked
  • January 2012: all new .gov sites must be IPv6-only (this is around the time of the projected IPv4 exhaustion [1])

That gives until 2012 for ISPs to get their act together, with plenty of notice to all involved.  Yes, it would be a miracle if the government could follow a timeline like that.. but I can dream.


1. IPv4 exhaustion: http://www.potaroo.net/tools/ipv4/index.html

Whenever you walk by a computer and see someone using pico, be kind. Pause for a second and remind yourself that: "There, but for the grace of God, go I." -- Harley Hahn
[ Parent ]

no (none / 0) (#47)
by circletimessquare on Tue Aug 26, 2008 at 10:36:23 PM EST

people would just stop visiting .gov

then the government would get sued for denial of services (no pun intended)

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

Your vote (-1) was recorded. (1.00 / 4) (#28)
by gr3y on Sun Aug 24, 2008 at 01:06:54 PM EST

Nothing follows.

I am a disruptive technology.

If you're serious this is inane and you're a moron (1.25 / 4) (#29)
by The Vast Right Wing Conspiracy on Sun Aug 24, 2008 at 01:25:36 PM EST

if not, you get points for trolling the shit out of lonelyhobo.

I'm a pompous windbag, I take myself far too seriously, and I single-handedly messed up K5 by causing the fiction section to be created. --localroger

Yeah that was kinda (1.33 / 3) (#30)
by mybostinks on Sun Aug 24, 2008 at 05:50:24 PM EST

fun to do.

I am glad that it was not an editorial comment otherwise it would get hidden if this posts.

[ Parent ]

lol retroactive trolling (2.50 / 4) (#33)
by lostincali on Sun Aug 24, 2008 at 08:46:25 PM EST

"The least busy day [at McDonalds] is Monday, and then sales increase throughout the week, I guess as enthusiasm for life dwindles."
[ Parent ]

I call bullshit (2.00 / 4) (#35)
by Harry B Otch on Mon Aug 25, 2008 at 02:47:51 AM EST

the world's population is well over 340,282,366,920,938,463,463,374,607,431,768,211,456 if you count germs.

Right now the world is madly racing along, the future is reinventing itself every second, and you're missing out, because you're hanging out here with a bunc

That's all I need (none / 1) (#39)
by Scrymarch on Mon Aug 25, 2008 at 09:38:44 AM EST

Fucking spam from the Ebola virus.

[ Parent ]
[insert joke about Nigeria here] $ (none / 1) (#40)
by Harry B Otch on Mon Aug 25, 2008 at 10:29:25 AM EST

Right now the world is madly racing along, the future is reinventing itself every second, and you're missing out, because you're hanging out here with a bunc
[ Parent ]
The real problem (2.33 / 3) (#38)
by b1t r0t on Mon Aug 25, 2008 at 08:33:08 AM EST

The real problem (aside from the already inefficient legacy of Class A allocation) is allocating large blocks of ipv4 space for zerg-rush stuff like cell phones, which are numerous, but have no benefit from a permanently-assigned ipv4 address. In the end, this is probably the only place where ipv6 will have any significant hold. Even the "im two stewpid too yews virtualhost" web servers have nothing on cell phones.

At the ISP subscriber level, most ISPs have things set up so most normal customers only get one real address, and have to use one of the readily available (often even from the ISP) devices that provide NAT.

If my ISP (at&t DSL, formerly SBC) offered it, I would have implemented it already (I already have a fixed /29 block on my DSL and run DNS, SMTP, HTTP, etc.) But to my knowledge they haven't, and I've heard nothing that indicates they will.

-- Indymedia: the fanfiction.net of journalism.

If you have a fixed IPv4 address, you can do 6to4. (none / 1) (#44)
by molo on Tue Aug 26, 2008 at 05:50:36 PM EST

I have one fixed IPv4 address and run 6to4 on it.  Outbound is sent over IPv4 to an Anycast address.   Incoming is sent back over IPv4 to my fixed address.  There is no explicit tunnel to set up.

It's got some latency penalties, but it gets you connectivity.  I am able to saturate my 3mbit DSL pipe with IPv6 traffic, so no problems here bandwidth-wise.  Of course you may get a different 6to4 tunnel with anycast, so YMMV.


Whenever you walk by a computer and see someone using pico, be kind. Pause for a second and remind yourself that: "There, but for the grace of God, go I." -- Harley Hahn
[ Parent ]

All the naysayers forget 6to4 (none / 0) (#65)
by Del Griffith on Thu Oct 23, 2008 at 07:48:38 PM EST

the thing is that people like Linksys need to fucking DO IT on the gateways.

As luck would have it, Apple will, and is ipv6 native in all the newer products, and yes it does 6to4 for you... The airport extreme rocks here...

Maybe that is why, yet again the pc industry fucking fails it again.

I...I like me. My wife likes me. My customers like me. Because I'm the real article. What you see is what you get. - Me

[ Parent ]

Privacy Concerns (none / 0) (#57)
by k31 on Sun Aug 31, 2008 at 04:53:14 PM EST

I find it odd that no-one is concerned about the effect of hard coded IP addresses, which IPv6 would facilitate much more easily for not only cell phones, but all forms of "middleware" and even embedded Ethernet adapters and whatnot, on privacy.

Imagine if, rather than having to solicit an ISP to match logs with login times and so on, or a telco for reverse lookup of phone numbers, every device is traced back to its "official" owner.

There goes privacy... visit a website once, and without accepting a cookie, it knows your (or at least, your PC or cellphone)'s surfing habits for that domain....

Also, since IP spoofing is not well understood by a largely non-technical law enforcement/criminal system, I also see more potential for people to be "set up"... drop a little kiddie porn on their HDD, since you know their permanent IP and can just tick away at whatever firewall they have with Windows 7 or whatever...

Anyhow, this is harder to do in a NAT world, because IPs change a lot, and the extra step of matching an IP and time back to a specific end-user is a privacy shield, even if not the best one and just a happy co-incidence.

Your dollar is you only Word, the wrath of it your only fear. He who has an EAR to hear....
[ Parent ]

RFC 3041 (none / 0) (#61)
by QuickFox on Mon Sep 01, 2008 at 06:03:22 PM EST

That's addressed in RFC 3041. (But I haven't read it carefully to form an opinion on how strong the privacy is.)

Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.

[ Parent ]
Thanks, (none / 0) (#64)
by k31 on Tue Sep 30, 2008 at 03:33:18 PM EST

I'll check it out.

Your dollar is you only Word, the wrath of it your only fear. He who has an EAR to hear....
[ Parent ]
Extension of IPv4? (3.00 / 5) (#41)
by molo on Mon Aug 25, 2008 at 02:16:38 PM EST

So you advocate scrapping IPv6 and redoing it as an extension of IPv4 that is fully backwards compatible?  Can you suggest how that would actually work?

I don't see how such a thing is possible except how IPv6 already does it.  How can you address 32+X bit addresses from a backwards-compatible 32-bit address?  Only through a proxy or tunnel, like we have now with IPv6.

Also, you state that there is no benefit or motivating factor to make ISPs and companies upgrade to IPv6.  How would that change with your new IPv4++ compatibility layer?  Institutionalized inertia would discriminate against your protocol extension as much it does against IPv6.

IPv6 is a solved problem as far as the tech goes.  The OSes support it, the software supports it, the routers support it, the higher-layer protocols support it.  The problem is that companies are not motivated to deploy it.  None of those positives are true in the case of your non-existent IPv4 extension, and such an extension still has to overcome the same negative.

As for NAT, it works fine for a company-private network, or a network for media-consumers only.  But the internet was created as a network of peer hosts, where any machine can be both a client and a server.  NAT breaks that for many applications, and requires workarounds and protocol-layer translation help on the router for others.  This is not an acceptable solution for the long term.  Designing protocols to deal with NAT hamstrings network applications.


Whenever you walk by a computer and see someone using pico, be kind. Pause for a second and remind yourself that: "There, but for the grace of God, go I." -- Harley Hahn

Also see http://www.ipv6experiment.com/ - nt (none / 1) (#42)
by tx on Tue Aug 26, 2008 at 03:26:24 PM EST

Hmm.. (none / 0) (#43)
by boxed on Tue Aug 26, 2008 at 04:54:47 PM EST

I heard China was using IPv6 quite a bit, so soon there might be more than a billion people that you can't do business with unless you support IPv6. IPv6 will, as you point out, not win by making the US switch, but you know, with the US economy collapsing and the dollar losing its position as the de facto base currency, who the fuck cares about the US? It's not a growth market, in fact, it's a shrinking market.

no backwards compatible option possible (none / 0) (#46)
by danny on Tue Aug 26, 2008 at 09:12:02 PM EST

No "backwards compatible" protocol of the kind you want is possible.  Old IPv4 implementations are never going to be able to handle 128 bit (or even 36 bit) addresses and the associated packet headers.

IPv6 has been designed to make various compatibility options - such as tunnelling or encapsulation - as easy as possible.  There is no magic solution of the kind you envisage, so scrapping IPv6 would be a really bad idea.

[900 book reviews and other stuff]

IPv6 is the solution we have (none / 0) (#49)
by Morally Inflexible on Wed Aug 27, 2008 at 05:19:05 AM EST

not the solution we want. But I suspect it may be the easiest way out of our problem.

the problem with the 'legacy solution' is that at our current rate of use, we are allocating a /8 every month. add to that the fact that it is hard to get someone to give up a /8, and going after the legacy holders starts looking like more trouble than it's worth.

Selling You Thin Air (3.00 / 4) (#51)
by A synx on Thu Aug 28, 2008 at 06:41:50 AM EST

IPv6 is not being blocked by technical barriers (these people aren't idiots), nor from cost to implement. It would cost more to upgrade everyone's home router to IPv6 than to do it to the big backbone routers of the Internet, and lo and behold those already support IPv6! The people who will never ever support IPv6 or anything of the like are the giant telecommunication companies, the ISPs. Comcast, Verizon, AT&T. The barons in control of the wires. And the reason is not that it's difficult or expensive. Those are minor concerns. The reason is they're selling you thin air.

When bastards win the game of capitalism by destroying the free market, they discover that when people are happy and content, that's too high a supply on the supply-and-demand curve. Optimum profits means restricting the supply and making people unhappy, uncomfortable, desperate. Make people beholden to you and powerless to stop your wealth, and that's the maximum profit. Great for Verizon, not so great for 99% of the rest of us.

So the companies quite gleefully cling to IPv4, because of the restricted address space. They want to hurt you, make you less able to fend for yourself. They want you to come crawling to their door and pay $90 a month for a rotten dynamic IP address. They want to shut you behind a NAT prison claiming it keeps you safe. They want to micromanage your bandwidth so they decide what sites you can use, until your Internet is nothing more than a glorified cable TV service. And they want to sell you IP addresses for more and more money, not because those addresses are more in demand, but because the addresses are so conveniently restricted in supply. Only by fighting their soulless profit mongering will you ever get IPv6, and I don't think you have the power to do that. None of us do. We were born losing at their game and they attack us if we refuse to play by their rules.

the future is here... (none / 0) (#53)
by NotInTheBox on Fri Aug 29, 2008 at 06:15:29 AM EST

I am running on IPv6 for already 2 years here in the Netherlands.

The future is here, it's just not evenly distributed yet

IPv6 is available NOW. (none / 0) (#56)
by pyro9 on Sun Aug 31, 2008 at 11:16:04 AM EST

With 6to4 and Teredo, there's no need to wait for the ISPs to join us in the 21st century. The 6to4 standards allow anyone to use a public IP they are assigned as the endpoint of a v6 tunnel with a built-in IPv6 /48 prefix.

I've had that set up along with a dual v6/v4 LAN at home and at work for 2 years now.

Every recent Linux distro enables v6 by default so all you have to do is have a router announce a prefix and you're set. In Mac, you just check a box. In Vista, it's pre-enabled. You'll get Teredo by default or a regular dual stack if you announce a prefix on your LAN. In XP, it's just a few clicks to add the v6 protocol stack and get the same behavior as Vista.

The only thing missing for the vast majority of people to get on v6 with ZERO knowledge of networking is a new router/WiFi box?

There are lots of people out there on the IPv6 network right now who have never even heard of IPv6. We would see a lot more traffic except that MS snatched defeat from the jaws of victory by failing to follow the standard of preferring v6 over v4 in cases where both are available.

My prediction is that the v6 conversion will happen at the edges of the net through 6to4 and work its way inward. Once it becomes more common, home users and admins alike will wonder how/why we ever put up with the intrinsic clunkiness of NAT. ISPs will still (as always) say HUH???

For the home user, an advantage is that ISPs are too clueless to monitor 6to4 traffic at all.

The future isn't what it used to be
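How the "built-in /48" in the 6to4 comments on this page follows from a public IPv4 address, and how a log reader can map 6to4 and Teredo source addresses back to the IPv4 endpoint behind them; this is an added example, not code from the thread. The function names and the sample log lines are constructed, and all addresses come from documentation ranges.

```python
from collections import defaultdict
from ipaddress import IPv4Address, IPv6Address, IPv6Network, ip_address


def sixtofour_prefix(public_v4):
    """RFC 3056: 2002::/16 followed by the 32-bit IPv4 address gives a /48."""
    v4 = int(IPv4Address(public_v4))
    return IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def tunnel_endpoint(v6):
    """Return (kind, IPv4 endpoint) for a 6to4 or Teredo address, else native."""
    addr = IPv6Address(v6)
    if addr.sixtofour is not None:          # 2002:V4ADDR::/48
        return ("6to4", addr.sixtofour)
    if addr.teredo is not None:             # 2001:0::/32, client is bit-inverted
        _server, client = addr.teredo
        return ("teredo", client)
    return ("native", None)


def attribute(log_lines):
    """Group log entries by the IPv4 endpoint their source address embeds.

    Each line is assumed to be '<timestamp> <source address> <request...>'.
    Native addresses are grouped under their own textual form.
    """
    by_endpoint = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ip_address(fields[1])
        except ValueError:
            continue                        # not an address, skip the line
        if addr.version == 4:
            kind, v4 = "ipv4", addr
        else:
            kind, v4 = tunnel_endpoint(addr)
        key = str(v4) if v4 is not None else str(addr)
        by_endpoint[key].append((kind, fields[1]))
    return dict(by_endpoint)


# Constructed sample log: two hosts behind one 6to4 site, one Teredo client,
# one native IPv6 host.
SAMPLE_LOG = [
    "2008-08-31T11:16:04Z 2002:c000:204:1::a GET /",
    "2008-08-31T11:16:09Z 2002:c000:204:2::b GET /login",
    "2008-08-31T11:17:30Z 2001:0:cb00:7101:0:fbff:39cc:9bf8 GET /",
    "2008-08-31T11:18:02Z 2001:db8:1::10 GET /",
]

if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.4"))
    for endpoint, hits in attribute(SAMPLE_LOG).items():
        print(endpoint, hits)
```

On the wire, 6to4 traffic is IPv6 carried directly inside IPv4 as protocol 41, which is the field a monitor on the IPv4 side would have to match.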
OMG TEH END OF TEH INTERNETS!!!! (none / 0) (#58)
by Wen Jian on Mon Sep 01, 2008 at 07:33:57 AM EST

It was an experiment in lulz. - Rusty
Yeah, right. (none / 0) (#62)
by Corwin06 on Wed Sep 03, 2008 at 10:47:23 AM EST

ISPs are using NAT on their side all the time - some sort of NAT, that is; one that Just Works, where you don't have to forward the ports to download warez on IRC and bittorrent - so that the customer of SkyNet in Belgium can have the same IP as the customer of Comcast in the US.

Now for websites, that's something else entirely. But how many centuries before all the IPv4 space is all taken up by websites (and ISPs)? And how does that compare with the namespace of all possible domains? Taking into account the fact that hfdkkkllzsxw.net will never happen (unless you're on Verizon Internet), but bilouran.org could. (In plain English : namespace of possible domains is defined by all possible combinations of -possibly transliterated from a non-Roman charset- syllables in all languages, not single characters.)

So, NO, the 'Net will not die by exhaustion of IPv4 addresses. Not now, not in the foreseeable future.

As long as kludges such as ISP-side NAT do work "well enough", which is to say, (outta my ass,) 20 years easy, no one needs IPv6.

It will get deployed eventually, at some point... Or it will be an IPv8 that's actually backwards-compatible with IPv4, so that it can be deployed without interfering with the current infrastructure (read : without obligating everyone to upgrade). (How to do that without magic is way beyond my network tech skill level.)

"and you sir, in an argument in a thread with a troll in a story no one is reading in a backwater website, you're a fucking genius
[ Parent ]
It has to be an alternative (none / 0) (#63)
by it certainly is on Wed Sep 17, 2008 at 05:10:22 PM EST

it can't be an extension, i.e. just add a few more extra flags and bytes onto existing IPv4 packets.


Decoding and re-encoding an IPv4 packet is an intricate process. This is why most networks completely avoid touching the IPv4 payload if they can avoid it. But at some point, someone has to look at the IPv4 headers, and pay the expensive cost of decoding them.

IPv6 is solving (at least) two problems in one move. If we're going to fix the address space problem, an inhibition to scaling the internet, we should also fix the other main inhibition to scaling the internet: routing packets is fucking expensive. Hence the simplified packet structure and inherent routing based on the address.

kur0shin.org -- it certainly is

Godwin's law [...] is impossible to violate except with an infinitely long thread that doesn't mention nazis.

The Death of IPv6 | 65 comments (56 topical, 9 editorial, 0 hidden)