
There is no Plan B: why the IPv4-to-IPv6 transition will be ugly - soundsop
http://arstechnica.com/business/news/2010/09/there-is-no-plan-b-why-the-ipv4-to-ipv6-transition-will-be-ugly.ars
======
tptacek
Consider carefully: to really deploy IPv6, we'll need to change most of our
networking software (clients and servers) to handle v6 addresses. This would
be hard enough if the v6 migration was a one-liner. But it isn't. Beyond the
fact that you have to handle both sockaddr_in and sockaddr_in6, note that v4
addresses are scalar values for C programs. C does not have a scalar 128 bit
type.

Our v6 future is NAT'd to the horizon. If that's the case, what's the major
win for v6 to this generation?

The notion that we're imminently going to run out of v4 addresses is at least
somewhat artificial, since we run fiat allocation schemes right now and could
migrate to a market-based allocation to replace it. There are companies
addressing desktop machines with routable /16 components because they don't
believe in NAT; there are companies grandfathered in to /8(!) allocations. A
lot of this waste might stop if people had to pay for it.
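
What tptacek describes here, handling both sockaddr_in and sockaddr_in6 without a 128-bit scalar type, as an added example (not code from the thread). Both families are folded into one 16-byte key compared with memcmp, so a single prefix ACL matches an IPv4 client whether it arrives on a v4 socket or as ::ffff:a.b.c.d on a dual-stack v6 socket. The names addr_key, key_from_sockaddr, key_from_text, key_in_prefix and acl_match are hypothetical, and the addresses are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* C has no 128-bit scalar, so an address is a 16-byte array compared with
 * memcmp. IPv4 is stored in its IPv4-mapped form, ::ffff:a.b.c.d. */
struct addr_key { uint8_t b[16]; };

/* Fold a sockaddr_in or sockaddr_in6 into one key. 0 on success, else -1. */
int key_from_sockaddr(const struct sockaddr *sa, struct addr_key *out) {
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)sa;
        memcpy(out->b, s6->sin6_addr.s6_addr, 16);
        return 0;
    }
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *s4 = (const struct sockaddr_in *)sa;
        memset(out->b, 0, 10);
        out->b[10] = out->b[11] = 0xff;
        memcpy(out->b + 12, &s4->sin_addr.s_addr, 4);   /* network order */
        return 0;
    }
    return -1;
}

/* Parse dotted-quad or IPv6 text through the same sockaddr path. */
int key_from_text(const char *text, struct addr_key *out) {
    struct sockaddr_storage ss;
    struct sockaddr_in *s4 = (struct sockaddr_in *)&ss;
    struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&ss;

    memset(&ss, 0, sizeof ss);
    if (inet_pton(AF_INET, text, &s4->sin_addr) == 1)
        s4->sin_family = AF_INET;
    else if (inet_pton(AF_INET6, text, &s6->sin6_addr) == 1)
        s6->sin6_family = AF_INET6;
    else
        return -1;
    return key_from_sockaddr((const struct sockaddr *)&ss, out);
}

/* 1 if the first `bits` bits (counted over 128) of a and net agree. */
int key_in_prefix(const struct addr_key *a, const struct addr_key *net,
                  unsigned bits) {
    unsigned full = bits / 8, rem = bits % 8;
    uint8_t mask;

    if (bits > 128 || memcmp(a->b, net->b, full) != 0)
        return 0;
    if (rem == 0)
        return 1;
    mask = (uint8_t)(0xff << (8 - rem));
    return (a->b[full] & mask) == (net->b[full] & mask);
}

/* Match peer text against "addr/len". 1 = inside, 0 = outside, -1 = bad input. */
int acl_match(const char *cidr, const char *peer) {
    char net_txt[INET6_ADDRSTRLEN];
    const char *slash = strchr(cidr, '/');
    struct addr_key net, a;
    unsigned long bits;
    char *end;
    int is_v4;

    if (!slash || (size_t)(slash - cidr) >= sizeof net_txt)
        return -1;
    memcpy(net_txt, cidr, (size_t)(slash - cidr));
    net_txt[slash - cidr] = '\0';
    bits = strtoul(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0')
        return -1;
    if (key_from_text(net_txt, &net) != 0 || key_from_text(peer, &a) != 0)
        return -1;
    is_v4 = strchr(net_txt, ':') == NULL;
    if (bits > (is_v4 ? 32UL : 128UL))
        return -1;
    /* An IPv4 /n is a /(96+n) inside the IPv4-mapped range. */
    return key_in_prefix(&a, &net, (unsigned)bits + (is_v4 ? 96 : 0));
}

int main(void) {
    /* Constructed samples: one client seen on a v4 socket and on a
     * dual-stack v6 socket, plus a documentation-prefix v6 address. */
    printf("%d %d %d\n", acl_match("10.0.0.0/8", "10.1.2.3"),
           acl_match("10.0.0.0/8", "::ffff:10.1.2.3"),
           acl_match("2001:db8::/33", "2001:db8:8000::1"));
    return 0;
}
```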

~~~
dmm
A market is an excellent way to manage scarcity. However, ipv6 is preferable
to well managed scarcity because it effectively eliminates the scarcity.
Addresses under ipv6 are practically unlimited.

A typical ipv6 allocation for an end user is a /48. This allocation consists
of 65,536 subnets, each of which has 18,446,744,073,709,551,616 individual
addresses. This is just for the end user! Your grandma's cellphone will have
18,446,744,073,709,551,616*65,536 address available to it. No one will ever
have to worry about running out again.

The market is a great way to allocate wheat, but imagine if we could make a
machine that generated unlimited wheat. Why not use it?

Look at the population of Asia and look at the current ip allocations for that
region. It's insanely small! Think about the next 30 years. All of those
people are going to want internet access. Demand for ips is only going to grow
and the difficulty associated with any sort of fundamental change is only
going to grow.

IPv6 isn't perfect but it's needed and needed soon.

~~~
jodrellblank
_Your grandma's cellphone will have 18,446,744,073,709,551,616*65,536 address
available to it._

Good to know they're not being wastefully allocated this time around.

Man said, "Carefully husbanded, as directed by the Cosmic AC, the IPv6
addresses that are even yet left in all the Universe will last for billions of
years."

"But even so," said Man, "eventually it will all come to an end. However it
may be husbanded, however stretched out, IP addresses once allocated are gone
and cannot be restored. Entropy must increase to the maximum."

Man said, "Can wasteful IP allocation not be reversed? Let us ask the Cosmic
AC."

~~~
joshhart
Not so sure about that. Think about how much energy would be necessary to
operate that many devices:
<http://blogs.sun.com/bonwick/entry/128_bit_storage_are_you>

~~~
jodrellblank
I wasn't suggesting they would be used, I was suggesting they would be wasted.

Unless you want to run your new company as a process on my grandma's
cellphone, that she can have more IP addresses on it than I can make a witty
comparatory analogy about, is merely stupid and wasteful allocation.

The IPv6 address space may be so big we could never use it all, it's not so
big we could never wastefully allocate it all.

------
mgkimsal
Couple random points:

I just bought a new consumer router last year (actually, come to think of it,
2). _Neither_ have current support in the admin screens for IPv6 - it's the
standard 4 box dotted quad input only. Yes, a firmware upgrade can solve this,
but this was 2009 at the time - how much more time do hardware vendors need to
put this in consumer products, where we'll see arguably the most pain (in
terms of hand-holding service requirements)?

Also, relating to screens, a huge number (large majority?) of software is
coded specifically to the dotted-quad format. I think we'd have seen more
adoption if the plan we're migrating to had simply added a couple more dots to
it. Easier for people to think about at the end, and would have given us a
moderately larger pool base, easier way of thinking about new address spaces
(visually, I mean).

_64.27._78.45.134.240 where you tell people that the first two (or last two)
now correspond to new addresses, and 'old' addresses simply have two leading
0s, would have made transition easier to swallow (IMHO).

2001:0f68:0000:0000:0000:0000:1986:69af, in comparison, even if shortened
down, looks pretty alien.

Adding two dotted quads would have given us 65k x 4 billion addresses. Yes,
it's not IPv6-sized, I know. But in terms of the 'let's measure everything by
how many IPs each person on the planet can have!' it would have been
sufficient for a while - I think most people would be fine with fewer than 20k
addresses each.

I know this is wholly naive of me, and real hackers everywhere can do this
stuff in their sleep. However, 'real hackers' aren't going to be dealing with
the majority of this transition - it's going to be average joes trying to help
their family get back on the internet over the phone after they mistype
something on their new DLINK-950v6 router from Best Buy.

We're well past the phase where we can back out, or I think even consider
alternatives, but the impact to existing software screens is not to be
underestimated.

IPv6 may turn out to be the real Y2k.

~~~
BrandonM
> how much more time do hardware vendors need to put this in consumer
> products, where we'll see arguably the most pain (in terms of hand-holding
> service requirements)?

Under IPv6, won't customers just need a hub or a switch? Every IPv6-aware
device in the home will just request a unique address directly from the ISP,
completely eliminating the need for home routers. Of course, devices still
needing IPv4 would need some other solution.

Of course, that doesn't come without a tradeoff (as mentioned in the
submission). Those IPv6 devices will need to be aware that they are connected
to the Internet at large, and security will need to be addressed accordingly.

~~~
cabalamat
> _Every IPv6-aware device in the home will just request a unique address
> directly from the ISP_

No thanks, because unscrupulous ISPs will then start to charge people per
device connected. It isn't (or shouldn't be) any of my ISP's business how many
devices I have connected, any more than the high-level meaning of the bits I
transfer is their business. Their business is to move bits.

~~~
sp332
Well yeah, you'd have to buy IPs in blocks of, say 100. If you don't buy them
from an ISP, you'd have to buy them from your local RIR in /48 blocks!

------
ay
I am one of the authors of a draft that describes how to make the transition,
at least for the "client" apps (like HTTP), more straightforward:

<http://tools.ietf.org/html/draft-wing-http-new-tech>

Also, for the rogue RAs, there is a solution too:
<http://tools.ietf.org/html/draft-ietf-v6ops-ra-guard>

(currently shipping in some products already).

For security, there are better approaches that do not compromise the
applications transparency as much as the filters do:

<http://tools.ietf.org/html/draft-vyncke-advanced-ipv6-security>

To summarize, knowing Iljitch personally, I hoped for a more sober article.
v4->v6 transition is not going to be easy, sure. But the article does come
through as having a slightly hysteric tone, which is unfortunate.

As for "no customers" stance that I hear every now and then: Just today I had
a chat with a large-ish service provider. They have quite a lot of enterprise
customers for IPv6 _today_. XS4ALL provides IPv6 in .nl _today_. free.fr has
been doing it for years already.

Finally, to end on a cheerful note - some folks have found this video funny,
hopefully you might as well: <http://www.xtranormal.com/watch/7011357/> -
though I do not claim to have the best sense of humor.

~~~
tptacek
What's the value proposition of an IPv6 address to any of (a) my mom, (b) a YC
web app founder, or (c) a Fortune 500 company in the industry standard best-
practices configuration of private non-routable addresses for internal hosts
sitting behind a series of firewalls and proxies set up for policy reasons?

A customer use case for _any one of these_ scenarios would be enlightening.

~~~
ay
(a) - When she would have to choose whether to pay $10 or $30 per month for
the facebook.

(b) - Experience, when down the road a year or two from now it will mean some
real eyeballs. If you do not care about serving to mobile users, no need to
bother. Maybe there are startups that are not just about webapps.

(c) - they already have IPv6. On Vista and Windows7. Just that it travels over
Teredo. Reason: visibility into the end-station traffic.

I am not trying to convince you that IPv6 is the panacea. If you show me the
compelling argument towards the standard p2p substrate that would not abuse
the links between the ISPs too much, is standardized, has implementations in
all the major OSes as part of standard distribution with similar API - or
freely available in the source code form with the BSD or MIT license - I'd be
happy to see it. Oh yes - and you can show the business cases for it for the
above three participants, too, if you like. Oh, and of course it has to
traverse multiple layers of NATs too.

I'd seriously use it in some of the pet projects.

~~~
tptacek
I'm not seeing the scenario where IPv4 costs my mom $20/mo for commodity web
access.

And even my mom has IPv6 software. Mysteriously enough, none of my clients ---
large F-500's with network groups mature enough to have security teams
sponsoring security reviews of applications --- _none_ of them use IPv6 in
production. Pretend I'm one of them and sell me an IPv6 deployment project.

~~~
ay
I am not a sales guy. Surely you will be fine with NATs for some time. But
this time is not infinite. And when it ends, you will be up for a harsh
awakening.

So, plan which of the scenarios is more appealing to you. If you plan a
parachute in a year, do not bother. Otherwise discounted cash flow may help.
Maybe it does not make sense to you now, fine.

And let's chat in a year. No. I am not selling ipv6. It is there. Facebook and
YouTube and tpb is on ipv6. Probably the only remaining part of internet not
migrated yet is Craigslist.

------
Groxx
I still fail to see an issue in any of this if the rollout moves from
backbone-to-users, and not the other way around. Which is the only order which
makes much sense anyway - if the backbones can't route your packet, what's the
point in speaking that language?

ISP-level NATs don't make sense, except in connecting external-IPv6 to
internal-IPv4, in which case: so? Only serve up the IPv4 connections which
currently exist, creating no new ones and dynamically mapping no ports, and
pass through all IPv6. And if I recall correctly, IPv4 addresses are reserved
in a range of IPv6 addresses already, so translating is a non-issue if the in-
between is all IPv6. Any attempt to access IPv6-only addresses from IPv4 get
fake IPv4 addresses, probably as some hashed value so repeat connections yield
the same result.

External-IPv4 to internal-IPv6: yeah, _full_ of issues. Who gets port 80 once
you start sharing external IP addresses? SSL ports? How about all those port-
specific email servers? But not the reverse.

I could be missing something obvious, though. IANAIETF expert by any stretch
of the imagination. Anyone care to correct me?

(edited for a bit more, and less block-of-text-iness)

~~~
drdaeman
Backbones seem to be mostly fine. Well, I've got my /48 from Hurricane
Electric and had no serious problems except for minor disturbance with my
Nokia N900, which needed custom kernel (weirdly, official one has no IPv6
support).

Except that IPv6 space is too empty. There's nothing much out there — Google,
Debian & Ubuntu mirrors, Python docs... that's almost all I've noticed to use
over IPv6. This is the reason neither ISPs nor users go v6, even those who can.
And, on the other side, almost no hosting providers give v6 addresses to their
customers, so almost no websites appear at v6 Internet. I believe this is the
most important problem: _there's really almost nothing to do with IPv6
nowadays_.

IANA should really encourage LIRs to get v6 blocks, but they're not doing it
at all.

~~~
lenni
Is there anything I as a consumer (and private website admin) can do to help
IPv6 along?

~~~
caf
As a website admin, you can request an IPv6 address, configure your webserver
to listen on it, and configure your DNS with an AAAA record for it. ie. you
can make your website accessible over IPv6.

~~~
ay
However, depending on your business, you might want to be careful. At a
minimum, clamp the MTU on the server to be less than 1500. There is still a
fraction of clients that will be broken by this process.

I run a small service which you can try on your website "right now" and see
what happens, without affecting your users too much: <http://testv6.stdio.be/>

------
CrLf
The real problem with IPv6 is that it focuses too much on the technical issues
and mostly ignores the human issues. This is why it hasn't gained significant
traction and, IMHO, won't even when the IANA runs out of unallocated IPv4
blocks.

There are a few main issues with IPv4:

1\. Everybody wants to have a public IP address, and that is making the
available IP addresses run out really fast;

2\. There are huge chunks of allocated addresses that are in fact unused. And
there are also a number of public addressable /8's being used for internal
networks for no good reason;

3\. Splitting up wasted /8's in (geographically disperse) small chunks isn't
feasible because routing tables would get huge.

No. 1 is easy to solve: not everybody needs a public IP address, no matter
what people say. Mobile phones can survive just fine with private addressing
behind a NAT. Public addresses for mobile users could be handed out on a case-
by-case basis, for an additional fee.

No. 2 will come into play once we run out of address space. Scarcity will
trigger a market for IPv4 addresses, and as any scarce resource, its use will
be rationalized and made more efficient.

No. 3 is the most tricky. But that's where IPv6 really appears as the problem
solver. Internet backbones will have a different structure than the IPv4
addressing implies, and that structure will be made with IPv6. IPv4 will be
tunneled over IPv6 networks with its own structure. In fact, this has been
done for a long while inside the ISP's networks using MPLS (IP packets enter
the ISP network and are then routed using MPLS until they exit into another
ISP/carrier's network). Those multiple MPLS domains will become a single IPv6
domain.

The structure of the Internet will change when IPv4 addresses become scarce,
that's for sure, but I seriously doubt IPv6 will gain acceptance at the
network endpoints. There is just too much legacy for that to happen in the
next 30 years at least.

I believe in scarcity dynamics, so I'm not too worried. I also believe NAT
to be a good solution for private networks and don't agree with the view that
NAT is evil.

~~~
BerislavLopac
1\. "not everybody needs a public IP address": sure, and there is no need for
more than 6 computers on the entire world, ever. In my opinion, stalling the
transition hurts innovation; while it's true that as the things are at present
public addresses are not an imperative, new technologies like P2P, which would
greatly benefit from public addresses, open a whole new realm of
possibilities.

2\. Again correct, assuming that there is no cheaper alternative to the
"addresses market". But it exists, and is (mostly) free. Once the providers
realize that it's less expensive (longterm) to switch to IPv6 than to keep
buying new addresses, they'll do it, even if such a solution might prolong
things even more.

In general, most of "solutions" to the IPv4 crisis represent a sizable effort,
which will only increase as the addresses become more scarce; and the sum of
it will be much larger than the effort of simply switching to v6. We'll see
how it will turn out though.

~~~
CrLf
Stalling the transition hurts innovation, yes, and avoiding an address market
would be good too. But this is ignoring the human problem, which was my
original point.

From a technological standpoint it would be nice to switch, but you have to
convince everyone to switch, which isn't easy because:

Most OSes deployed today either don't support IPv6 or the support is
problematic. Remember that most of the world still uses Windows XP and are in
no hurry to change.

Most applications don't support IPv6. Many of those could be easily changed
but the people responsible have better things to do, especially in the
enterprise space (which most people here seem to ignore, always thinking that
the consumer Internet is the only thing in existence).

IPv4 is elegant in its simplicity, whereas IPv6 is complex and different for
the sake of being different in some cases. This means extra cost to switch
internal networks, and without switching internal networks there's no pressure
to port most applications.

Network administrators know IPv4 well, what works and what doesn't, where the
faults are. Switching to IPv6 means extensive training which adds to the cost.
Given that right now people that actually have a working knowledge of IPv6 are
few and far between and seem to be concentrated in ISPs, this will be hard to
change.

Despite the benefits of everyone having public addresses, there are also
security downsides, and these outweigh the benefits in most people's eyes.

So, the main problem is legacy. IPv6 benefits are irrelevant when it doesn't
interoperate seamlessly with IPv4.

Again, IPv6 adoption is a human problem, just like convincing people to
abandon IE6 is.

~~~
loup-vaillant
> _Despite the benefits of everyone having public addresses, there are also
> security downsides,_

No there isn't. Not a single one. Just replace your old NAT by a clean
firewall, and you're set.

~~~
Dylan16807
Letting people see each individual device, even firewalled, is a security
downside.

~~~
loup-vaillant
I don't believe you. I'm willing to listen though. Do you have a link to a
detailed, technical explanation of this?

~~~
Dylan16807
I need a reference that exposing more information about systems that are
nearly guaranteed to have security flaws is bad? I'll give you a simple
scenario and then go look for something to make you happy.

I have a computer running services A and B and several computers running
service B. Service A exposes information about the computer's configuration
that helps attack service B, but only if the attacker can figure out which
one.

Edit: I haven't really been able to find a comparison between firewalling and
firewalling+NAT, just comparisons between nothing and NAT.

~~~
loup-vaillant
By the way, I wasn't completely explicit. I supposed that in both cases all
incoming ports are closed, except for the ones you explicitly open. That way,
the only difference between the NAT and the firewall is the address
translation.

My scenario is narrow, but I expect it to be a common one: IPv6 internet boxes
will likely include such a firewall by default.
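
The policy loup-vaillant describes above (every inbound port closed unless explicitly opened, with no address translation), modelled as an added example that is not part of the thread. It is a simplified connection tracker with no timeouts or TCP state tracking, an assumption made for brevity; the fw_* names are hypothetical and the 2001:db8:: addresses are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FLOWS 64
#define MAX_OPEN  8

/* A tracked connection: inside endpoint, outside endpoint, protocol. */
struct flow {
    struct in6_addr in_host, out_host;
    uint16_t in_port, out_port;
    uint8_t proto;
};

struct fw {
    struct flow flows[MAX_FLOWS];   /* state created by outbound traffic */
    int nflows;
    struct flow open[MAX_OPEN];     /* explicit rules: in_host/in_port/proto */
    int nopen;
};

static int same_host(const struct in6_addr *a, const struct in6_addr *b) {
    return memcmp(a, b, sizeof *a) == 0;
}

static int same_flow(const struct flow *a, const struct flow *b) {
    return a->proto == b->proto && a->in_port == b->in_port &&
           a->out_port == b->out_port && same_host(&a->in_host, &b->in_host) &&
           same_host(&a->out_host, &b->out_host);
}

static int make_flow(struct flow *f, const char *in, uint16_t in_port,
                     const char *out, uint16_t out_port, uint8_t proto) {
    memset(f, 0, sizeof *f);
    if (inet_pton(AF_INET6, in, &f->in_host) != 1 ||
        inet_pton(AF_INET6, out, &f->out_host) != 1)
        return -1;
    f->in_port = in_port;
    f->out_port = out_port;
    f->proto = proto;
    return 0;
}

void fw_init(struct fw *fw) { memset(fw, 0, sizeof *fw); }

/* Explicitly open one port on one inside host. 0 on success, else -1. */
int fw_open(struct fw *fw, const char *host, uint16_t port, uint8_t proto) {
    if (fw->nopen == MAX_OPEN ||
        make_flow(&fw->open[fw->nopen], host, port, "::", 0, proto) != 0)
        return -1;
    fw->nopen++;
    return 0;
}

/* Inside -> outside: forwarded with the source address untouched, and
 * remembered. Returns 1 = forward, 0 = drop (bad input or table full). */
int fw_outbound(struct fw *fw, const char *src, uint16_t sport,
                const char *dst, uint16_t dport, uint8_t proto) {
    struct flow f;
    if (make_flow(&f, src, sport, dst, dport, proto) != 0)
        return 0;
    for (int i = 0; i < fw->nflows; i++)
        if (same_flow(&fw->flows[i], &f))
            return 1;
    if (fw->nflows == MAX_FLOWS)
        return 0;
    fw->flows[fw->nflows++] = f;
    return 1;
}

/* Outside -> inside: accepted only as the reply to a tracked flow or when
 * it hits an explicitly opened port. Returns 1 = accept, 0 = drop. */
int fw_inbound(const struct fw *fw, const char *src, uint16_t sport,
               const char *dst, uint16_t dport, uint8_t proto) {
    struct flow f;
    if (make_flow(&f, dst, dport, src, sport, proto) != 0)
        return 0;
    for (int i = 0; i < fw->nflows; i++)
        if (same_flow(&fw->flows[i], &f))
            return 1;
    for (int i = 0; i < fw->nopen; i++)
        if (fw->open[i].proto == proto && fw->open[i].in_port == dport &&
            same_host(&fw->open[i].in_host, &f.in_host))
            return 1;
    return 0;
}

int main(void) {
    struct fw fw;                   /* constructed hosts in 2001:db8::/32 */
    fw_init(&fw);
    fw_outbound(&fw, "2001:db8:1::10", 50000, "2001:db8:ffff::9", 443, IPPROTO_TCP);
    printf("reply=%d unsolicited=%d\n",
           fw_inbound(&fw, "2001:db8:ffff::9", 443, "2001:db8:1::10", 50000, IPPROTO_TCP),
           fw_inbound(&fw, "2001:db8:ffff::9", 40000, "2001:db8:1::10", 22, IPPROTO_TCP));
    return 0;
}
```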

------
jrockway
As far as I can tell, IPv6 is already here. My home network has IPv6, and all
my servers have IPv6. Doing this amounted to one line of config on the
servers, two lines of config on my router (one to tell it the ipv6 address,
one to start rtadvd), and no configuration on my workstations.

And, I have better IPv6 connectivity from home than IPv4. Traceroute to
Google:

    
    
        $ traceroute google.com
        traceroute to google.com (209.85.225.104), 30 hops max, 60 byte packets
         1  blinky.internal (10.0.0.2)  0.267 ms  0.249 ms  0.230 ms
         2  dsl253-036-001.chi1.dsl.speakeasy.net (66.253.36.1)  15.046 ms  19.018 ms  23.002 ms
         3  220.ge-0-1-0.cr2.chi1.speakeasy.net (69.17.83.153)  16.991 ms  20.965 ms  24.950 ms
         4  core1-2-2-0.ord.net.google.com (206.223.119.21)  26.932 ms  28.911 ms  30.893 ms
         5  72.14.236.178 (72.14.236.178)  32.875 ms 72.14.236.176 (72.14.236.176)  87.863 ms 72.14.236.178 (72.14.236.178)  34.822 ms
         6  209.85.241.22 (209.85.241.22)  37.802 ms 72.14.232.141 (72.14.232.141)  39.334 ms  41.312 ms
         7  209.85.241.35 (209.85.241.35)  43.294 ms 209.85.241.29 (209.85.241.29)  23.635 ms  23.689 ms
         8  66.249.95.138 (66.249.95.138)  27.670 ms 72.14.239.18 (72.14.239.18)  29.652 ms 209.85.248.102 (209.85.248.102)  31.626 ms
         9  iy-in-f104.1e100.net (209.85.225.104)  33.608 ms  35.591 ms  37.573 ms
    

Traceroute6 to IPv6 Google:

    
    
        $ traceroute6 ipv6.google.com
        traceroute to ipv6.google.com (2001:4860:b007::68), 30 hops max, 80 byte packets
         1  blinky.jrock.us (2001:470:1f11:488::1)  0.273 ms  0.246 ms  0.228 ms
         2  jrockway-1.tunnel.tserv9.chi1.ipv6.he.net (2001:470:1f10:488::1)  17.464 ms  19.492 ms  21.437 ms
         3  gige-g3-4.core1.chi1.ipv6.he.net (2001:470:0:6e::1)  31.410 ms  33.398 ms  35.383 ms
         4  * * *
         5  2001:4860::1:0:3f7 (2001:4860::1:0:3f7)  29.284 ms 2001:4860::1:0:92e (2001:4860::1:0:92e)  37.278 ms 2001:4860::1:0:3f7 (2001:4860::1:0:3f7)  39.263 ms
         6  2001:4860::1:0:1d1 (2001:4860::1:0:1d1)  46.248 ms 2001:4860::1:0:2776 (2001:4860::1:0:2776)  47.653 ms  49.593 ms
         7  2001:4860::38 (2001:4860::38)  51.579 ms  36.400 ms  36.944 ms
         8  2001:4860:0:1::f (2001:4860:0:1::f)  35.849 ms 2001:4860:0:1::d (2001:4860:0:1::d)  33.996 ms  33.369 ms
         9  iy-in-x68.1e100.net (2001:4860:b007::68)  27.974 ms  31.954 ms  31.951 ms
    
    

Same number of hops, but less latency!

~~~
ay
Nice to see the specific data.

Another data point: last year at FOSDEM we had more than just a couple of
v6-connected hosts, here're some stats I kept for fun:

<http://stdio.be/onsite.fosdem.net/>

Needless to say, no one ran after the conference participants to upgrade the
software on their devices.

------
runjake
I'm not discounting the article's assertions, but we're doing fine with a
~7,000 node IPv4/IPv6 network.

Each node is running a reasonably modern client OS (80/20 Mac OS X/Windows 7,
mostly). Most of our servers are Windows Server 2008 and some 2003. We do have
several Linux servers, as well. Pretty much all the services they run
seamlessly translate to IPv6 (Exchange, IIS, SMB, AFP, Apache [and its
modules])

Each node and server get an IPv4 address and an IPv6 address. Mac OS X and
Windows prefer IPv6 transport over IPv4 and most users have no clue when they
go to Google, they're doing so over IPv6. Nearly all of our internal web,
email, and file sharing traffic is over IPv6. Nobody knows any different.
There have been small, interesting issues, but we're able to resolve them
pretty quickly and haven't run into anything even marginally major.

From the looks of things, the transition will be like the fader control on an
audio mixer. Nodes will have dual stacks, and IPv4 will fade out gradually and
IPv6 will, at the same time, fade in gradually, and nobody will be the wiser
(other than the poor network programmers who have to get their network code
IPv6 ready, which frankly, they should've begun years ago).

Implementing a large-ish scale IPv6 network (dual stacked, of course) has been
relatively pain-free (in our experience).

~~~
tptacek
I think the subtext of this article is that schemes like this appear to work
because you're really relying on IPv4 for guaranteed network access; the true
migration to IPv6 (the "magic moment" as DJB would call it) hasn't happened
until people can feasibly not depend on IPv4 for a production network.

If everyone has to be dual-stacked, then we're committed indefinitely to
making IPv4 workable.

Which is fine! But it rather lessens the urgency of converting people to IPv6.

~~~
runjake
But are we really relying on IPv4 when at least 90% of our network traffic has
seamlessly transitioned to IPv6? It's almost funny to say this, but it seems
like IPv4 is already legacy for us.

Sure, some external websites haven't yet converted to IPv6, so the stack falls
back to IPv4, but for the most part (and 90% is probably a very conservative
estimate) IPv6 is king across the WAN.

The downside to IPv6 is that it's a steep learning curve, and virtually nobody
else in the org is even marginally familiar with it. If you're familiar with
bit math, IPv6 is a bit easier, but then you get into routing and DHCPv6 which
tend to differ significantly in some areas from their v4 counterparts. Also,
I'm finding that certain vendors' (_cough_ Cisco) IPv6 implementations aren't
nearly as tight as they claim. It wasn't until July 2010 that Cisco really
implemented DHCPv6 in a usable manner in IOS.

Now if only Apple iOS devices supported IPv6 ;)

~~~
ay
IPv6 on iPhone 4: <http://www.fix6.net/archives/2010/06/22/ipv6-on-iphone/>

For the learning: take a look at
<http://www.6deploy.eu/index.php?page=tutorials> - they seem pretty nicely
readable, maybe you can use those materials.

Curious about the 90% part - care to tell more over mail? If yes - then ay at
the general direction of your cough ;-)

------
signa11
djb's description here: <http://cr.yp.to/djbdns/ipv6mess.html> is pretty good
too...

~~~
caf
Aye. djb is pretty opinionated, but in this case he is spot on.

~~~
trezor
I disagree.

His main objection seems to be that for IPv6 to work, administrators would
(shock) have to administer IPv6. As he says: They would 1. have to acquire
IPv6 address-space and 2. they will have to add it to their DNS.

That's it. Once that is done, 99% of things out there just work. If you run
Windows and Active Directory, all you have to do is acquire address space, as
AD does DNS for you automagically.

If we can't expect administrators to put in this minimum of effort to make the
internet work in the future, but instead expect them to be able to set up huge
layered NAT infrastructures with all the extra effort and problems that leads
to, something is horribly, horribly wrong.

Really. IPv6 opponents seem to live under the illusion that IPv6 will create
more work, which in itself is true, but they ignore the extra work required to
make IPv4 work at all. Work at all _today_ that is. It's not going to get
better in the future.

~~~
caf
I believe his objection is that, being realistic about these things,
administrators _won't_ bother to separately administer IPv6, when it doesn't
confer any advantage to the first movers.

It's not about what _should_ happen, it's about what _will_, taking into
account the reality of human behaviour. And even if 95% of sites out there did
enable IPv6, then everyone will still want IPv4 addresses so that they can
still reach that last 1-in-20 - the transition simply can't happen until all
existing sites are reachable over v6.

I don't think he's an "IPv6 opponent", I think he just makes a good case that
there isn't a workable transition plan.

------
acqq
Anybody knows how the 128 bits in the addresses are really going to be
allocated? If everybody gets "lower 64-bit for a subnet," and every device
simply considers that it should allow that the subnet is whatever is a slave
of it, we end up using only the upper part, and then if you again give big
chunks of upper 64 bits to different entities like it happened with IPv4,
there's still real chance that even if the space is big it remains
inefficient, especially if upper 64 bits are separated to encode some special
assumptions about routing or whatever. Is there any text about this whole
subject, which just doesn't brag that 128 bits is "a lot?"

~~~
drdaeman
Even with this generous distribution it's still about /32 per ISP. Imagine
IPv4 Internet where each existing ISP has just a single v4 address.

Maybe when we'll have a colony at Alpha Centauri that won't be enough anymore,
but this should be perfectly sufficient for quite a while.

~~~
acqq
So do you actually know that every ISP exactly gets /32? Can you point to some
material about that? I'm still asking for some exact information.

~~~
count
For IANA -> RIR allocations,
<http://lacnic.net/documentos/lacnicvii/POLITICA-IPV6-IANA-RIR_EN.pdf> and
for an example of RIR allocation to ISP/end user:
<https://www.arin.net/policy/nrpm.html>

Each RIR has its own policy though, so check with the one you're concerned
with (ARIN vs APNIC, etc).

------
peterwwillis
I could just be misinformed/sleepy, but why can't we all just multihome?
Upgrade or replace (tech refresh, anyone?) all gear which doesn't natively
support v6 and start running both networks at the same time.

You hardly need to support anything but the routable address space of v6 if
the device is configured for a v4 network, and applications can get patches to
prefer a v6 connection (apparently even though some applications _claim_ to
try to make a v6 connection first, it doesn't usually work for me in
practice). This at least buys you the time and flexibility of transitioning
the chicken while the egg finishes gestating/maturing.

We all realize that every v4 frontend server has to support v6 before clients
can be transitioned. However, I don't see a problem with giving everyone a v4
and a v6 in the meantime while the servers are upgraded. This means middle-man
upgrades first, and basically every link between an internet host has to
natively support both ipv4 and ipv6. If you just used RAs you don't have to
support dhcpv6 yet, and dhcpv4 handles the stuff RAs don't for the clients.
Perhaps I'm over-simplifying.

(edit) Also, completely separate thought: why the hell isn't Obama offering a
discount to help transition like they did with TV? That was a pointless
upgrade while this is a real looming problem. Can somebody get Google and
Microsoft in a room and make them form an IPv6 lobby?

~~~
loup-vaillant
> _I don't see a problem with giving everyone a v4 and a v6 in the meantime
> while the servers are upgraded_

The problem is the total absence of short term benefit, while the cost is not
null (in money, time, or cognitive load). So, even if it's better for everyone
to go IPv6, it's worse for each individual to move first. So everyone wants to
move last.

~~~
peterwwillis
The short term benefit in my proposal is being completely backwards-compatible
and avoiding the problems of tunneling and other proposed workarounds while
providing IPv6 routing where necessary. It doesn't "fix" the problem of
running out of IPv4 address space (unless a given ISP decides to switch to
IPv6-only, require its customers to upgrade, and turn on a multihomed IPv4
address for extreme cases). What it does do is allow the transition to take
place. Everyone should be shouting at the top of our lungs at ISPs to support
this so we can get this chicken/egg scenario over with.

People are basically in denial. The cost is never going to be null and
everyone has to move eventually. Server admins actually have the bulk of the
responsibility here for getting the whole internet migrated to IPv6. It's
their services we want to use and network addresses are just a way of getting
to them.

The problem is they have seemingly no accountability. I tried to hold the
admin of xkcd.com's feet to the fire and I got rebuffed. Unless there's a
substantive potential for their customers to abandon them they don't really
give a crap (hopefully because they have other things to take care of). And in
the meantime they can claim they don't need to move because the rest of the
network isn't ready for them yet. So tell ISPs to multihome already and we can
then start telling server admins to get their shit together because the rest
of the network is ready for them.

~~~
loup-vaillant
> _[…] while providing IPv6 routing where necessary._

This is the key point. Right now, and on the short term, IPv6 is not necessary
at all. Or at least it isn't perceived to be. Reason: everyone is still
compatible with IPv4. I know it's as stupid as racing towards a concrete wall,
telling yourself that you can always slam the brakes later, but we seem to
race towards that wall anyway.

> _People are basically in denial. […] they have seemingly no accountability
> […]_

I completely agree. But I can't think of a way to solve this.

~~~
peterwwillis
> _I completely agree. But I can't think of a way to solve this._

Charge people more to use IPv4-only networks and make it slower. Oh,
wait......

------
m104
No plan B? Hah! Let's face it already: there will be no IPv6 transition.

Eight years ago, I was in the "more effort needed" school of thought about
IPv6. I figured we'd slowly update our programs and toolkits and libraries and
reference material and college textbooks and switches, etc., and by 2005 it'd
be about the right time to switch over. It will be painful, I thought, but
necessary and ultimately a very good thing. So I waited and watched, much as
I'm sure many of the HN readers have been doing. I figured that those people
who are smarter and more connected than me would form the leadership of the
IPv6 migration and show the rest of us the way to 128-bit Internet addressing
bliss.

Realistically, though, we're no closer to a workable migration to IPv6 today
than we were in 2002. Since then, we've managed to switch from analog to
digital TV (at least in the US), migrate most software from ISO-8859-1 to some
flavor of Unicode, settle the Blu-ray/HD-DVD format war, increment the USB
protocol _twice_, formalize HTML into HTML 4.0 and XHTML and HTML 5, and
virtualize or emulate every major operating system onto every major hardware
platform. But nothing of any substance has happened on the IPv6 front.

The reasons for the lack of progress have been clearly laid out by others, but
the unspoken sad reality is that we're wasting our time with IPv6. Even to say
"IPv6 migration" implies that it _will_ happen and thus IPv6 is the _only_
solution to IPv4's woes. We're torturing ourselves with IPv6 by going on like
this and it's not bringing us any closer to a solution! At this point, there's
no reason not to start looking for workable extensions to IPv4 (and TCP/IP in
general) to address the issues we're having.

I'd bet that a small group of dedicated engineers could come up with a
compatible extension to IPv4 (that expands the address space) and could
develop a workable migration strategy, example code, socket library
modifications, and a compatible version of Ubuntu all within a year. Imagine
the excitement if IPv6 could be sent to the circular file and a clear
alternative was not only proposed, but downloadable.

So, in short, that's my solution: cast off IPv6 as the death march project
that it is and get excited about a minimum viable product (see what I did
there?) alternative to IPv4.

Oh, and since this is HN: I'm sure that there's _just_ _no_ _way_ to make
money from an extension to IPv4. No consumer is going to need a converter box, to
sit between their modem and LAN, right? I mean, the government would have to
offer rebates. Madness! No businesses are going to need consulting services or
contracted coding work. Nope. It certainly won't be like Y2K, but even if it
was I'm sure no one made any money from that transition...

~~~
BerislavLopac
_I'd bet that a small group of dedicated engineers could come up with a
compatible extension to IPv4_

I'm sure they could -- but why didn't they? I think that the end of the IPv4
era is something that will happen pretty quickly, as most people are operating
on the "don't mess, it's working" principle; once it stops working there will
be a need for a quick solution, and the only one that has any groundwork laid
out -- apart from NATs -- is IPv6, which has been supported by most modern
operating systems.

I don't think the migration will be a concerted effort -- it will more likely
unroll as a domino-effect: once a few key players, probably backbone
providers, decide to make the switch, their users will follow suit, and then
their users and so forth.

------
cletus
One thing that doesn't make sense to me is that people are comparing the
number of internet-connected devices to the size of the IPv4 address space,
implying each device needs its own IPv4 address.

This is obviously not the case. NAT (Network Address Translation) techniques
can hide thousands of devices behind one IP address. In fact, for security
reasons, it's _advisable_ to not have every device directly on the internet. I
have an ADSL modem/router at home with NAT, which makes substandard firewall
solutions such as what is provided by Windows pretty much unnecessary.

So perhaps we simply need to reclaim large blocks (particularly those
universities and companies that have large A blocks of ~16 million addresses)
and save IP addresses for each machine for ISPs, servers and those that
actually need them.

Of course that's hard to mandate but like many things you can solve it with
market forces: charge people who have more than, say, 128 IP addresses on a
scale such that the most economic thing to do is transition away from that and
give up their addresses.

~~~
loup-vaillant
> implying each device needs its own IPv4 address.

This implication is basically correct, actually. Sure, not every _machine_
needs to be a server, but every _person_ should have at least one. Everyone
should have his own mail server. Every blogger should have his own web server.
And so on. It's just a matter of basic civil liberties, like privacy and free
speech, which currently aren't fully enabled, because most people don't have
the amount of control they should have.

If we let giant NAT routers spread further, such control will be effectively
impossible. Even for computer nerds. Even for owners of a freedom box[1].

As a side note, the correct response for security is not using giant NAT
routers. It's getting rid of Windows.

[1]: <http://wiki.debian.org/FreedomBox>

~~~
tptacek
Why is a native IPv4 address a "basic civil liberty"? It's a technical detail.
Surely the "liberty" is "first class citizen of the Internet", right? "The
ability to publish content, the ability to build applications, the ability to
pass traffic"?

If IP addresses were _truly_ and in principle a _right_, then surely everyone
would also be entitled to an ASN and the right to publish their IP address on
the provider of their choosing. But they aren't; it costs hundreds of
thousands of dollars to go from a standing start to default-less full peer.

Without peering, the IP address is just a totem. You think it matters, but it
doesn't; you've simply been licensed to speak on the Internet by your ISP.

That doesn't really bother me, but it should bother you, if you take your
principles seriously. IPv6 isn't going to solve that problem (IPv6 does not
magically end BGP RIB bloat). But overlay networks, which don't care whether
they're running on top of IPv4, CLNP, IPX, or IPv6, _do_ solve it.

~~~
loup-vaillant
Well, actually, I do think that being your own ISP is very important, maybe
even crucial. Alas, it's currently difficult, as more and more network
providers don't want to peer with the small players.

I know nothing about overlay networks. I need to dig further before I update
my beliefs.

~~~
tptacek
Realize that even in our bright and shiny IPv6 future, no top-tier provider is
going to let you peer with them to publish your addresses. So long as routing
is controlled by the majors, addresses are just totems.

------
SanjayUttam
There is clearly a debate going on in this thread regarding whether or not we
are running out of address space/whether or not we need truly globally
routable IPs, etc. Assuming that we _do_ need to go the IPv6 route, for a
second...

I wouldn't really expect any businesses to go the way of IPv6 unless there was
some kind of 1) Financial benefit, or 2) A law that required them to do so.
Otherwise, there is really no reason to spend any time/money on it (Even if it
is negligible). I can't find the source, but I believe at one point (maybe
still) the Japanese govt. was providing cash incentives (tax benefits, etc.)
for businesses to go the IPv6 route.

------
ankimal
IPv6 always reminds me of this <http://www.youtube.com/watch?v=_y36fG2Oba0>

------
ThomPete
It might be ugly but cellphones around the world rejoice. Your battery is
going to love you for it.

~~~
viraptor
Could you explain what you mean? What do cellphones have to do with this?

~~~
ThomPete
When your cellphone gets a static IP instead of a dynamic one your cellphone
should be able to save up to 50% energy.

<http://www.usipv6.com/what_is_ipv6.php>

"IPv6 is compatible with 3G wireless (near) broadband and has other features
that support greater mobility. There will be two billion mobile phones by 2006
and (at least) two addresses are required per mobile phone, so just enabling
every mobile phone will require more IP addresses than are left with IPv4.
Static addresses can also double battery life by not wasting power by checking
whether a call is completed so the carrier can grab back the dynamic IP
address, which wastes a great deal of power."

~~~
gxti
That seems quite optimistic. Do you have a source from someone who knows
something about electronics engineering instead of networking?

~~~
ThomPete
I heard a Nokia engineer talk about it in some Podcast. Let me see if I can
dig it up.

Edit: He (the Nokia engineer didn't talk about the 50%, that's only that
article) only talked about better battery life in general. Whether the 50% is
true I only have that article to point to.

------
jodrellblank
Countdown of IPv4 address allocation: <http://twitter.com/ipv4countdown>

------
stretchwithme
One thing that can be done when the transition is made. We could make an
initial switch of all IPv6-capable machines for a short initial period that
would reveal all machines not capable, then switch back to IPv4 for enough
time to get those now very aware of their problem. We could do that for
several weekends prior to the real switch.

Such an approach would require a lot of software to be changed, to be sure.
But it might be worth it.

~~~
viraptor
Yup - that's exactly what customers will allow you to do. Especially if you're
running ISP / ITSP, your customers will be glad you disconnected most of their
devices while testing this new thing they know nothing about and care about
even less.

------
ck2
The class E block of IPv4 (240.0.0.0/4) has 268 million addresses available
but no existing version of Windows will see/talk to them.

So just sue Microsoft to make a patch available since they obviously aren't
going to fix that on their own and you bought IPv4 a few more years.

~~~
mseebach
61 million smartphones sold in Q2. Your solution will last little longer than
a year, assuming perfect allocation of that block.

~~~
ck2
Can we NAT Verizon and AT&T? lol

~~~
loup-vaillant
They're not, but they do. At least here in France, the main carriers put every
single smart-phone under a NAT router. While IP hasn't run out yet. They don't
want their customers to run servers on their smart-phones.

------
dennisgorelik
It looks like the article ignores the important fact that an IPv4 address is used to
determine location and whether the sender is a spammer or not. When IP addresses
are easily available, it would be harder to maintain such locations and spam
databases. It looks to me that IPv6 is a waste of time and would eventually be
replaced by some other technology.
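
The reputation problem raised in the comment above, as an added example that is not part of the thread: a blocklist keyed on single addresses misses a sender that rotates within one IPv6 subnet, while keying IPv6 entries on the /64 catches it. The event list, the threshold of 3 and the function names are constructed for illustration, and /64 is an assumption about the smallest block a sender controls.

```python
import ipaddress
from collections import Counter

# Constructed sample events: (source address, was the message judged spam?).
# 2001:db8::/32 and 192.0.2.0/24 are documentation-only ranges.
EVENTS = [
    ("2001:db8:aa:1::1001", True),                # one sender rotating through
    ("2001:db8:aa:1::1002", True),                # addresses of a single /64
    ("2001:db8:aa:1:dead:beef:0:1", True),
    ("2001:db8:aa:1:ffff:ffff:ffff:fffe", True),
    ("2001:db8:bb:2::25", False),                 # mostly clean mail server
    ("2001:db8:bb:2::25", True),
    ("192.0.2.7", True),
    ("192.0.2.7", True),
    ("::ffff:192.0.2.7", True),                   # same IPv4 host, dual-stack socket
]


def reputation_key(addr, v6_prefix=64):
    """Return the network a reputation entry for `addr` is filed under."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                       # file under the real IPv4 address
    prefix = 32 if ip.version == 4 else v6_prefix
    # strict=False masks off the host bits instead of raising ValueError
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def flag_sources(events, threshold=3, v6_prefix=64):
    """Return the reputation keys that reached `threshold` spam hits."""
    hits = Counter(
        reputation_key(addr, v6_prefix) for addr, is_spam in events if is_spam
    )
    return {net for net, count in hits.items() if count >= threshold}


if __name__ == "__main__":
    # Keyed per address, the rotating IPv6 sender never reaches the threshold.
    print("per-address:", sorted(str(n) for n in flag_sources(EVENTS, v6_prefix=128)))
    # Keyed per /64, its four hits land on one entry.
    print("per-/64:    ", sorted(str(n) for n in flag_sources(EVENTS, v6_prefix=64)))
```
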

~~~
narrator
Naah.. The government will just require your unique citizen identifier in the
bottom 64 bits. You won't be able to sign up for an ISP or a cell phone or any
other connected device without it. Why do you think they made the address
space so absurdly huge?

~~~
derefr
Who is this "_the_ government?" In fact, I heard somewhere that the
government of any arbitrary spammer is just as likely as not to be a whole
_different_ government!

~~~
Groxx
Clearly the narrator is referring to that meta-governing-body, The Government.
You know, the one all the conspiracy theorists never see, because _it's OMG
REAL_, and therefore not a conspiracy. Narrators, however, have outside
knowledge of the system they narrate, so they _would_ be in a position to know
of such a system.

~~~
narrator
Ok, it's a paranoid theory for now but I couldn't think of any other possible
reason for such a large address space besides being permanent unique
identification of clients, like a MAC address. The bandwidth wasted on sending
those addresses around multiplied by every packet on the internet seems
ridiculously wasteful otherwise. For instance, there will probably never be
2^128 packets created and sent on the internet between now and the heat death
of the universe.

~~~
Groxx
Wasn't meaning to shoot down the paranoia, just having fun with / at your
username, as I saw the potential for fun :) It's certainly excessive, but more
layers = more efficient routing, and I'd assume they don't want to go through
all this again in a mere 1000 years when we're populating 5 planets, everyone
has 100+ network connected devices, and data centers have billions. And
everyone tweets.

~~~
narrator
You don't understand how large 2^128 is, do you? Let's quit all this handwavy
crap about how that's a nice big number and look at how absurdly big it is.

The number of seconds since the universe started is 13.75 billion * 86400 *
365 = 4.3 x 10 ^ 17 seconds.

U.S. Internet traffic was 18 exabytes (1 exabyte=10^18 bytes) a year, so let's
just say that we are sending 18 exabytes a second since the beginning of
the universe and we are counting each byte. Yes, each set of 8 1s and 0s. How
many is that?

4.3 x 10 ^17 * 18 * 10^18 = 7.74 * 10 ^36.

2^128 = 3.4 x 10 ^ 38 / (7.74 * 10^36) =~ 43. So you could have a different ip
address for every byte sent over the Internet, assuming the traffic for the
whole year was sent over the course of 1 second for every second in 43 times
the current age of the universe.

~~~
Groxx
I understand it perfectly well, yes. I also understand that people like to buy
_ranges_ of IP addresses. This much space makes it not only easy, they can
sell _large_ ranges nearly _indefinitely_. _Sell_ + _indefinitely_ = yes,
from their viewpoint.

