
I hope IPv6 never catches on - rcfox
http://apenwarr.ca/log/?m=201103#28
======
bdb
> In short, any IPv6 transition plan involves _everyone_ having an IPv4
> address, right up until _everyone_ has an IPv6 address, at which point we
> can start dropping IPv4, which means IPv6 will _start_ being useful.

Sigh, no. Not correct -- in the last 8 or 9 years, engineers have been cooking
up various ways to bridge the gap. The transition landscape looks a lot
different today than it did in 2003. Comcast (the largest MSO in the US) has
detailed their transition plans here (tl;dr, it's v6-only customer addressing,
with v4 reachability via DS-lite and CGN): <http://www.comcast6.net/>

Summary here: <http://en.wikipedia.org/wiki/IPv6_transition_mechanisms>

------
wladimir
No no no no no no no no.

NAT is not a solution. Internet is cool because it allows peer-to-peer
communication. It's also cool because everyone can host servers and everyone
else can connect to them. This allows exploration and experimentation.

Please don't force some people to become second-class citizens behind a NAT
just because some artificial resource is running out. It's bad enough in the
real world.

Also, "the addresses are just too long" is a nonsense argument, for many
reasons. And HTTP is only one of the many protocols. But I think I've fed the
troll enough.

~~~
jfr
> _But I think I've fed the troll enough._

I'm glad someone said it. This apenwarr seems to have some good karma here on
HN, but IMO a lot of what he says is heavily misinformed and biased.

I had the urge to go point-by-point of his post and refute each with proper
references and practical examples, but then I realized that he is just a
troll and that would be feeding him.

Some of his points, like about IPv6 addresses being too long and hard to
memorize and that NAT is good/enough for users, basically show that he
probably doesn't have much experience with network management and how IP works
(especially IPv6 networks). This is strange coming from someone who was the
original author of wvdial.

I have already argued here on HN why IPv6 addresses are easier to memorize:
<http://news.ycombinator.com/item?id=1804038>

~~~
joeyh
So, Avery is just this guy, you know? It's not his fault if some of you want
to fanboy on his every blog post.

I think he's right more often than he's wrong. (Although not in this article,
which is nearly all wrong when it's not rehashing points that have been argued
both ways for many years w/o a resolution... hang out on NANOG for even a month
and you'll see what I mean.) And I appreciate that he feels he has to get his
half-baked thoughts posted now, before being swallowed by the Borg. Which will
certainly change his opinion of some of this stuff if he ends up working with
the ipv6 people @ Google.

------
extension
So NAT, and the plethora of unholy "protocols" for traversing it, are
acceptable solutions that will last us indefinitely, but DNS is so unusable
that we're better off typing in IP addresses?

The real damage caused by NAT is mostly invisible. Because some people don't
have IP addresses, creators of applications and protocols must assume that
_nobody_ does, making many ideas complicated or impossible. We won't know what
branches of innovation we've missed out on until this constraint is lifted. As
James Burke teaches us, it's these little things that so often change the
course of technology.

~~~
HerraBRE
I totally agree with this. We've been in a firewalled world of NAT pain for so
long that developers have largely forgotten how to think outside the
client/server box it has imposed on us.

I feel this acutely every time I try and spread the word about my project
(PageKite, a system for putting "servers" on mobile and personal devices).
People just look at me funny and go "why would I want that when I can rent a
vserver somewhere in the cloud?"

Once upon a time people would have asked "why do I have to rent some external
machine instead of using this one I already own and this Internet connection I
already have?".

~~~
bane
"PageKite, a system for putting "servers" on mobile and personal devices"

Cool idea! I'm checking it out now.

------
rmoriz
It puzzles me that most IPv6 bashing comes "mainly" from the US, where the IPv6
adoption rate is low. If you check Asia or Europe there are providers running
IPv6 in their backbone for a decade (e.g. space.net), also nearly every
provider at least announces one IPv6 prefix (at least for testing).

Imho this shows that people dissing IPv6 today have not had a look into it
and are now in a hurry.

Amazon e.g. does not announce a single IPv6 prefix, imho a bad sign about
their networking competence: They don't even have a testing infrastructure
ready.

see:

    http://bgp.he.net/AS16509
    http://bgp.he.net/AS14618
    http://bgp.he.net/AS39111

~~~
api
We also still use the English system of weights and measures. America thinks
anything new in the area of standards is communism or something.

------
jfoutz
I think the big flaw is, there will be a whole bunch of people who can't get
ipv4 addresses. like kids in dorms. That may not be your demographic, fine,
but djb's argument works both ways. very soon there will surely be at least
one customer with ipv6 only. _poof_ overnight every server in the universe
supports ipv6.

ipv6 has been coming forever. It seems like this year, friends actually have
to come up with ipv6 deliverables. that's never happened before. hell, comcast
is going to be testing ipv6 this year. that's a big indicator with flashing
lights and sirens.

~~~
lwat
As he explains, you don't need an ipv4 address for every person. Just give 'em a
shared one and use NAT. Our entire office has just one public IP address and
nobody knows the difference.

~~~
msbarnett
So when your entire neighborhood is NAT'd and you want to use XBox Live
you'll, what, call up your ISP and ask nicely to have the right ports
forwarded to you?

NAT works in an office environment because most offices aren't doing anything
more than web and email. Home usage scenarios are significantly broader and
harder to keep working behind carrier grade NAT.

~~~
Devilboy
You still need to do that with XBox? Does that mean you can't run more than
one XBox at home from one IP address?

~~~
regularfry
Presumably (I haven't got one) the XBoxes can use UPnP to negotiate external
ports with the home router, which, unlike the ISP's router, can trust the
devices on its network.

------
oniTony
On the plus side, this (staying with IPv4 behind NAT behind NAT...) will
further instil the idea that an IP address is not a person. As soon as
governments/corporations lose the ability to track/sue individual people,
they'll be all over IPv6.

~~~
maxharris
_Corporation_ should not be synonymous with _government_. It might be the case
that these are the same in a particular country or era, but we're not doomed
to such a fate. Fascism can be stopped, but to do it we need to advocate the
idea that state and economics should be as separate as state and church.

~~~
cabalamat
> Corporation should not be synonymous with government.

They aren't the same thing, but that doesn't prevent them from having features
in common. They are both big, powerful entities that don't have my interests
at heart, and are both therefore threats to my liberty (especially when they
work together to undermine it).

------
burgerbrain
NAT is an astonishingly horrific idea that should have never been implemented,
and his argument about "one valuable customer still on IPv4" reeks of the
same nonsense that has held back web development for years with IE6.

~~~
chris_j
Could you expand on that? What is it about NAT that is an astonishingly
horrific idea?

~~~
extension
<http://en.wikipedia.org/wiki/NAT_traversal>

All that to do something that should be as simple as open(some_ip)

~~~
chris_j
Absolutely. Being behind NAT at home, it is a pain having to open up ports on
the router in order to run anything that requires an inbound connection. At
the same time, it is rather comforting to know that making an inbound
connection is so hard.

What do you think of the suggestion made by the author of the article that,
even if we had IPv6 everywhere, we'd still put a lot of networks behind NAT,
for reasons of security?

~~~
burgerbrain
_"What do you think of the suggestion made by the author of the article that,
even if we had IPv6 everywhere, we'd still put a lot of networks behind NAT,
for reasons of security."_

It's utter bullshit. Stateful firewalls will of course continue to exist;
doing Network Address Translation in addition will be completely pointless.

------
gonzo
The author of this piece gets several details completely wrong.

And NAT is not a solution. Period. End-to-end, ever hear of it?

~~~
pbreit
No.

------
daimyoyo
While the author of this post is content to list reasons why IPv6 sucks, a
better approach would be to realize there will be a billion dollar market
created from the switch. I am going to predict that at least one and probably
2-5 companies in the next YC class are focused on this problem.

~~~
regularfry
If the change is unnecessary, then that's a billion dollar broken window.

~~~
billswift
The way things are going, there isn't going to be a majority changeover until
the window is already broken. Then it will be done rushed and expensive;
remember Y2K? Everybody keep your networking skills up-to-date; there is
likely to be a short, sharp opportunity to make good money - probably in a
year to four (if they do wait for things to start actually breaking, it will
be a little longer before they reach that point).

------
rythie
The Web != The Internet

What about VNC/Remote desktop/SSH?

What about protocols that don't use port numbers like ICMP and basically
everything that's not UDP or TCP?

What about sites that grab data from other sources, often needing IP
whitelisting?

Sharing IPs for SSL HTTP services is tricky; do dedicated hosting/VPS users
actually want to give their certs to the ISP (private keys and all) so they
can manage it?

~~~
JoeAltmaier
...and many P2P UDP protocols don't use a well-known port anyway. Because even
if they did, NAT would screw them by mapping it.

I agree with the article's rant about port number being obsolete. A service
space of 16 bits sucks. IPv6 provides a solution to this: advertise a
different IPv6 address (multi-home) for each service, and use the DNS to
resolve, not the TCP address. I think.

~~~
rythie
Actually my point was that with protocols like GRE it is difficult to NAT more
than one stream through an IP address. Also even if you do work that out
(people have it seems) you need to work it out for every protocol which is not
how the layers of TCP/IP were supposed to work.

------
azernik
> When I bring my laptop to my friend's house and join his WLAN, why can't he
> ping it by name? Because DNS sucks. Why doesn't it show up by name in his
> router control panel so he knows which box is using his bandwidth? Because
> DNS sucks.

Actually, strangely enough, both of these use cases work perfectly on my local
network, and have worked both with my current router (running dd-wrt) and with
my previous router (a standard AT&T combined DSL modem and router).

DNS actually works extremely well with a few, by now ubiquitous,
autoconfiguration tools.

~~~
drdaeman
^ This.

DD-WRT and OpenWrt run the dnsmasq DNS and DHCP server, which is capable of
recording machine names when they request an IPv4 address over DHCP, then
DNS-resolving that name to that IP.

And there's also ZeroConf...

------
gardarh
The article states that offloading work from routers to clients is useless
today because memory and CPU are cheaper due to Moore's law. Well guess what,
traffic has increased as well.

What you must think about is "where are the bottlenecks". When you are
connecting to a client on the other side of a large network (e.g. the
internet) and you're not getting the same amount of bandwidth your last-mile
connection should provide you with, you have to ask yourself: what's keeping
the speed down?

Turns out that router processing is still a bottleneck. And by delegating the
mundane router work of handling packet fragments and doing checksum validation
to the end terminals we are getting a much more efficient network than with
IPv4. IPv6 headers are also much simpler, making it easier (faster) to process
with ASICs.

Stating that reducing work is useless because we work much faster now than way
back when is not a good argument.

------
Tichy
I guess NAT is a part of the conspiracy that divides the web into consumers
and producers. It's impractical to run services from your home computer, which
is why cloud services rake in the money.

I don't know if IPv6 is the solution - if not, let's invent something else.

~~~
HerraBRE
Check out <http://pagekite.net/>, that's my startup and a FOSS project where
I am working very hard to accomplish exactly that.

People should be able to run servers on any device. What exactly they will use
it for is a mere matter of innovation. :-)

------
BerislavLopac
I'm getting a growing feeling that the main opposition to IPv6 is the system
admins, who are afraid that introducing it will have one of the possible
outcomes: either it will bring them more work (billions and billions of
addresses!) which they are not familiar with (impossible to remember the
address!), or it will make most of them obsolete as most network setup work
will be automated. And they're probably right on both counts (starting with
the first and going to the latter).

------
otterley
I hope it does catch on, because until it does, carrier-grade NAT is going to
make the lives of security professionals and location-based providers
miserable.

To address the shortage of available IP addresses, carriers are going to start
giving out RFC1918 (private) IPv4 addresses to their customers. And the NAT
could occur anywhere; you might be a customer in San Francisco but the closest
public IP gateway could be in New York. (Yes, we have seen this.)

This is going to cause two serious problems for businesses:

(1) Location-based services are going to break. LBS uses the public IP address
as the primary key in the database.

(2) DoS protection that is IP-based (counting request rates from particular
IPs) is going to break. I suspect a lot more sites that we all know and love
are going to have a difficult time staying up after CGNAT is pervasive.
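The breakage in point (2), as an added example that is not part of the thread: a sliding-window rate limiter keyed on source IP, run over a constructed request log in which six households share one carrier-grade-NAT egress address (203.0.113.7 and 198.51.100.9 are documentation-range placeholders, and the session identifiers are made up).

```python
from collections import defaultdict, deque

CGN_IP = "203.0.113.7"         # constructed: one CGN egress shared by many homes
DEDICATED_IP = "198.51.100.9"  # constructed: a customer with their own public IP
LIMIT = 20                     # requests allowed per key within WINDOW seconds
WINDOW = 10.0


def build_sample_log():
    """Constructed request log as (time_seconds, source_ip, session_id).
    Six households behind CGN_IP each fetch five resources for one page load,
    interleaved in time; one customer on a dedicated address does the same."""
    log = []
    t = 0.0
    for _ in range(5):                     # five requests per page load
        for user in range(6):
            log.append((t, CGN_IP, f"cgn-user-{user}"))
            t += 0.1
        log.append((t, DEDICATED_IP, "dedicated-user"))
        t += 0.1
    return log


def rate_limit(log, key_fn, limit=LIMIT, window=WINDOW):
    """Sliding-window limiter: a request is rejected when its key already has
    `limit` accepted requests within the last `window` seconds.
    Returns {session_id: number_of_rejected_requests} for affected sessions."""
    recent = defaultdict(deque)            # key -> timestamps of accepted requests
    blocked = defaultdict(int)
    for t, ip, session in sorted(log):
        key = key_fn(ip, session)
        q = recent[key]
        while q and t - q[0] > window:     # expire timestamps outside the window
            q.popleft()
        if len(q) >= limit:
            blocked[session] += 1
        else:
            q.append(t)
    return dict(blocked)


def blocked_by_ip(log):
    """The IP-keyed scheme otterley describes: every household behind the CGN
    address is charged for its neighbours' traffic."""
    return rate_limit(log, lambda ip, session: ip)


def blocked_by_ip_and_session(log):
    """Same limiter keyed on (ip, session): per-user accounting is restored
    for clients that present a session identifier."""
    return rate_limit(log, lambda ip, session: (ip, session))


if __name__ == "__main__":
    sample = build_sample_log()
    print("keyed on IP:        ", blocked_by_ip(sample))
    print("keyed on IP+session:", blocked_by_ip_and_session(sample))
```

Keying on a session identifier only helps for clients that carry one; an anonymous flood from a single CGN address still has to be judged at the IP level, so per-IP thresholds for known CGN ranges need to scale with the number of subscribers behind them.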

------
koko775
Disclaimer: I am not a sysadmin, but I do tinker with my home computer, doing
such things as setting up services like LDAP, NFS, AFS, DNS, mDNS, etc. - so
most of this is opinion and stuff I've just picked up along the way.

> The hardware-optimized packet format of IPv6 is worth basically zero to us
> on modern technology

No. Basically zero is not zero.

> Every HTTP Server on Earth Could Be Sharing a Single IP Address and You
> Wouldn't Know The Difference

No. Though he lampshades this towards the end, he still gets it wrong - the
SNI extensions to TLS allow secured virtual hosting on recent browsers - but
not older ones, where it simply just doesn't work.

> if I accidentally leave a daemon running on my server, it's not
> automatically a security hole

No. NATs are unfairly equated with firewalls. There is nothing stopping a
firewall from preventing connections to a computer that is now addressable
from the outside, just as they do today. If you are running a publicly
deployed service and do not restrict inbound and outbound traffic, I would
advise you to do it, now.

> Because of the way TCP and UDP work, you can safely NAT many, many private
> addresses onto a single public address

> I won't go into this too much, other than to say that there are already
> various NAT traversal protocols out there, and as NAT gets more and more
> annoyingly mandatory, those protocols and implementations are going to get
> much better.

No. UDP hole-punching isn't that simple. It requires a third party, and
implementations of NAT are very heterogeneous. Arguing that it's possible to
do safely (and implicitly, on a large scale) is ignoring reality.

So his solution to a newer spec that, despite a rough and in-progress
transition, accounts for legacy, is to move to a newer, incomplete, solution
that breaks abstraction boundaries, is incompatible with current network
hardware, requires major server and router rearchitecture? No. A thousand
times no.

> NAT (and DHCP) has largely eliminated another big motivation behind IPv6

No. I find it laughable that he argues, essentially, that
private IP subnets make handling DNS simple, while simultaneously (later)
arguing that DNS service records should be used so people don't have to
remember IPs + ports, while also saying "So here's what I really hate about
IPv6: 16-byte (32 hex digit) addresses are impossible to memorize". How about,
instead of kludging up a hack nobody's on board with, using an existing
solution with widespread support? Stateless autoconfig or DHCPv6 do the same
job.

> If GUIDs were a good idea, we would use them instead of URLs

No. What the ever-living FUCK. Did he not already read his own words about
DNS? So sysadmins now have to copy-paste instead of memorizing IPs, or spend a
few extra lines in their host files or DNS servers aliasing it to some DNS
address. This is a simple and sufficient solution.

> But furthermore, DNS on the Internet is still a steaming pile of hopeless
> garbage. When I bring my laptop to my friend's house and join his WLAN, why
> can't he ping it by name? Because DNS sucks. Why doesn't it show up by name
> in his router control panel so he knows which box is using his bandwidth?
> Because DNS sucks. Why can the Windows server browse list see it by name
> (sometimes, after a random delay, if you're lucky), even though DNS can't?
> Because they got sick of DNS and wrote something that works.

> Of course, I can't really take credit for this idea. It's already been
> invented and is being used in a few places. (links to wikipedia article on
> SRV records)

No. JESUS CHRIST. s/because DNS sucks/because Windows sucks/ - for some of the
stuff he's talking about, multicast DNS fixed it. Oh, and by the way, Bonjour has
been using multicast DNS + SRV records for freakin' years, and works
pleasantly on !Windows - and it does so for IPv6, as well. I can't speak for
Windows because I have had the pleasure of not using it for anything other
than games for the past several years. I have set up a Time Machine service on
a FreeBSD box that advertised itself as such with no problem whatsoever.

> IPv4 addresses aren't really 32-bits. They're actually 48 bits: a 32-bit IP
> address plus a 16-bit port number

No! This is like saying that your keyboard and mouse are actually a
mouseboard, because they're _almost always_ together. IPv6 still uses TCP -
doing what he suggests would not only be a massive kludge, it would obsolete
an incredible amount of infrastructure already in place - this _cannot_ be
implemented incrementally! Throwing the bathtub out with the bathwater in
order to destroy a working layer of abstraction is insane!

> This proposal has very minor chicken-and-egg problems

No! Unless by 'minor' you mean bigger than the fucking universe.

This article is founded on so many faulty premises that it proposes a
technologically intensive non-solution to a problem that suffers from much
worse flaws than the solution it complains about. Readers should disregard any and
all advice proffered by this blog post, as it is grossly inaccurate and
incorrect.

~~~
beaumartinez
> _IPv4 addresses aren't really 32-bits; they're actually 48 bits: a 32-bit
> IP-address plus a 16-bit port number._

> _No!_

Last time I tried to bind a socket to _just_ an IPv4 address I got a
compilation error.

~~~
danparsonson
Maybe so, but the port number is part of TCP, not IP.

------
makeramen
I'd like to offer another possible view: Maybe IPv6 will be a great filter on
the internet.

All the subpar websites I don't want to be bothered by won't switch, and I
won't have to deal with them.

~~~
gaius
I use similar logic: if a merchant doesn't take Amex I probably don't want to
shop there.

~~~
mmavnn
If you ever have reason to travel to Europe, this is not a good strategy to
follow...

------
sanxiyn
Re: DNS configuration. Zeroconf works. It may not be ubiquitous yet, but it
works.

~~~
yardie
I'm curious how ubiquitous ZeroConf actually is. Every user that has iTunes
installed will generally have Zeroconf/bonjour installed as well. Based on the
number of iPhone, iPad, and iPod users alone it should be a fairly significant
number.

------
kalleboo
It's cute how he ends his long list of messy hacks for dealing with NAT with
"Appreciate the astonishing long-lasting simplicity".

------
kaerast
Another issue with NAT in large scale deployments is the limited number of
simultaneous connections possible. I believe this was best demonstrated by the
screenshots of how Google Maps starts degrading when you drop the connections
available; 15 saw marked degradation, and that was without any other software
running. Can't remember the source of this though now.

------
sgt
I suspect the following:

IPv4 is going to last quite a bit longer once we start trading in IP space.
Didn't Microsoft just purchase a huge chunk of IP addresses from Nortel the
other day? If that kind of thing is allowed to continue, we're in for years
without any need for IPv6 - sadly.

------
rythie
Surely IPv6 clients also have IPv4 interfaces too, don't they already request
an AAAA address first and then an A address if that fails? [I'm not sure if they
do currently - but seems to make sense]

------
usertm
I wrote my thesis about IPv6 and it's great! (IPv6, not my thesis).

------
tonfa
I wonder how much his opinion will change once he starts working for Google...

~~~
danssig
The guy who wrote this article is going to work for Google? I guess they've
drastically changed their hiring practices?

