Slashdot Log In
Feds Say They're Ready For Monday's IPv6 Deadline
Posted by
Soulskill
on Sat Jun 28, 2008 07:13 AM
from the upgrades dept.
from the upgrades dept.
netbuzz writes "By all indications and against all odds, it appears as though most, if not all, federal agencies will have met the mandate issued back in 2005 that their network backbones become capable of passing IPv6 packets by June 30, 2008. NetworkWorld quotes Pete Tseronis, chair of the IPv6 working group of the Federal CIO Council, saying, 'I have not heard of anybody who is not going to make the IPv6 deadline.' Those involved are calling this a significant milestone in what has been an extensive effort to bring IPv6 into widespread deployment."
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
More IP's (Score:2, Funny)
More IP numbers for government. As if proof were needed that the size of government is growing out of control.
IPV6 here we come... (Score:5, Insightful)
Or not. While the federal government of the USA may have backbones capable of running IPV6, they seriously lack the ability to effectively make the switch without a great amount of pressure. Lets face it, with NAT and other technologies, the need to migrate to a new standard has been severely reduced. Not saying that it is not needed, I am sure the "rest of the world" outside of the US and the EU would like some IP space all of their own, but market forces have already relegated that individuals have no need for unique IP space and NAT is good enough for the unwashed masses.
Having had a little bit of experience working with big networks based on IPV4, the migration to IPV6 is going to be pretty awesome... like the titanic sinking, or an entire city being leveled by an earth quake.
Re:IPV6 here we come... (Score:5, Interesting)
NAT is good enough for the unwashed masses.
I am currently in Uzbekistan. Our Internet uplink goes through China (because of a domestic Internet monitoring policy that allows for only one country-level Internet provider). On the IPv4 block allocation generosity scale we are at the lower end, twice. Depending how things are configured there I am usually behind one or two layers of NAT already from the provider, not counting our own internal network. Something as simple as Skype usually goes through 4 to 8 relays, and getting a server working reliably here can be a challenge.
Market forces have decided that in the US, and slightly less so in Europe, where IPv4 block allocation was comparatively generous, NAT is enough for your own unwashed masses. Everywhere else NAT is an abomination and an administration headache that has to go away. NAT is like deodorant for the unwashed mashes where what they really need would be a good decent shower.
Since implementation of IPv6 routing elsewhere is picking up steam, we can only hope that the same market forces that have allowed the US to stick to their comfy IPv4 couch will eventually force the US to adopt it as well. Since it looks like the non-US market is growing, things are looking good here, and the story confirms it.
Parent
Re:IPV6 here we come... (Score:5, Insightful)
You go through several NAT devices because that is what your government wants. With IPV6, you would go through the same networks, you would just have a longer NAT ip address.
IPV6 will not make the routing table that IPV4 enforces go away, it will just give it the ability to have QOS and a few other features. If your government wants to limit your access, they will still have that ability.
Parent
Re:IPV6 here we come... (Score:5, Informative)
Furthermore, I believe that GP was not complaining about censorship and/or limit of access by government authorities, but rather using that to preface the technical reason they have one ISP that routes through China.
Parent
Re: (Score:3, Funny)
Hey, if the guy manages to connect to slashdot using a Commodore 64 in Uzbekistan, we should welcome him with open arms, whether he is a part of the unwashed masses or not.
Re:IPV6 here we come... (Score:5, Funny)
Parent
Re:IPV6 here we come... (Score:5, Interesting)
Not saying that it is not needed, I am sure the "rest of the world" outside of the US and the EU would like some IP space all of their own, but market forces have already relegated that individuals have no need for unique IP space and NAT is good enough for the unwashed masses.
NAT is only good for networks. Every ISP subscriber still gets a unique IP, and with people leaving their PC's on 24/7, those might as well be unique IP's (my ISP does not charge that much extra to get a fixed IP).
I read a statistic that by 2010 half of the global population is going to have a cell phone (currently it's 4 out of 10), with most of the growth in asia and the middle east. Currently 1 in 6 cellphone users globally has an internet-enabled subscription (even if they don't use it), but this is going to grow considerably. We could be talking about up to a billion new internet users over the next decade, in asia and the middle east, the majority of them on cheap mobile devices. NAT is not going to be the answer, and IPv6 will become a necessity to reach those markets.
The NYT did an interesting article about cellphones and the third world. What's driving the adoption is economic necessity. The cost of doing business in a globalized world is that you have to be connected. http://www.nytimes.com/2008/04/13/magazine/13anthropology-t.html [nytimes.com]
Parent
Re: (Score:2)
Why wouldn't it be possible to use IPv6 with a cellphone? as long as the operating system and network both support it...
/Mikael
Re: (Score:2, Informative)
NAT is bad for P2P (Score:2)
With BitTorrent, no it isn't. At least not without some cooperation from the ISP. In my case, for instance, I've never been able to set up the UDP port for DHT.
Re:NAT is bad for P2P (Score:5, Interesting)
I'm at least partly convinced that the ability to block "unauthorized" services using the fact that it's such a pain to run any kind of server from a machine behind a NAT router is one of the main reasons that the commercial internet industry has stuck with IPv4. If they moved to IPv6, their old "We can't give each of your computers a real IP address because we don't have enough to go around" excuse would fall apart and they would have to either start letting people run their own servers or they'd have to move to doing actual port blocking, which would look really bad.
Parent
Re:IPV6 here we come... (Score:5, Insightful)
Lets face it, with NAT and other technologies, the need to migrate to a new standard has been severely reduced.
Not even close. NAT breaks networks horribly by its very nature, and voids the original Internet ideal of a collection of peers. Consider that with NAT it's impossible to connect to another machine which is also behind NAT without going through a third party. While governments might love the idea of forcing you to funnel traffic through a central, easily-tappable server, it sucks for end users. Not only is it bad for privacy, but for reliability: now you can't talk to your friend's machine if the helper server is down or out of bandwidth. That's not acceptable!
Having had a little bit of experience working with big networks based on IPV4, the migration to IPV6 is going to be pretty awesome... like the titanic sinking, or an entire city being leveled by an earth quake.
Having apparently a bit more, I don't think it's going to be that bad. You don't have to start with a complete cutover, or even make a complete transition at all. Right now, today, odds are that you could start using link local addresses on your LAN for testing. You can get an IPv6 allocation and start with little things: configure your mailserver to use it and start publishing DNS to it. Once you're convinced it's up, try again with your webserver. Maybe configure a couple of workstations for the geeks in your company and let them bang away at it. If any of that fails, no big deal! You're still live with IPv4.
Parent
Re: (Score:3, Insightful)
The early internet consisted of a bunch of mainframes operated by a bunch of BOFH (Bastard Operators From Hell). The only guys (usually male) allowed to log on were military types or civilian employees of defense contractors, who had a whack of security clearances.
For liking to pretend that you were there when it all started, you don't seem to understand what a peer [wikipedia.org] is.
ARPANET and the Internet were built around the idea that computers could talk to each other. NAT breaks that. QED, NAT is not what the Internet was meant to be like.
One huge caveat (Score:5, Informative)
The thing they're not talking about here is that to meet the mandate, the gov't networks have to be *capable* of passing IPv6, and have tested that they can. Turning IPv6 back off as soon as they confirm that test is totally within the bounds of compliance (and many agencies are doing exactly that).
In short, don't expect this to actually drive IPv6 adoption...this was a paperwork exercise.
Re:One huge caveat (Score:5, Insightful)
This is fundamentally no different than when companies had to run IP and IPX on computers during Novells transition in the 90's.
Parent
Not to supprised. (Score:5, Insightful)
Being that IPv6 has been around for over a decade, meaning most legacy hardware has been replaced by then that used IPv4 only as well many systems even ones older then 10 years old that support TCP/IP are often new enough to get a software patch for IPv6 and what is left are so old and legacy that they are not available on the internet or you can just put a Linux box on them before the network and connect via IPv6 it does an IPv4 direct communication to the system and passed the data threw.
However most systems that cannot support IPv6 probably needed to be upgraded anyways and offered federal IT employees a law to point to get funding for a much needed upgrade.
Re:Not to supprised. (Score:5, Informative)
If you really believe that anything that doesn't support IPv6 at this point is "legacy" you clearly haven't tried to implement it. A few things off the top of my head:
* Cisco IOS will route IPv6, but it does doesn't do it in hardware (it forces the packet up to the totally underpowered CPU of the router), so the packet rates are pathetic compared to IPv4.
* Until fairly recently, the Cisco PIX and ASA would route IPv6, but several major features (like failover) weren't available.
* Running NAC? I have yet to talk to a NAC vendor who supports IPv6.
* Many of the Security Information Manager products don't do IPv6, either (or they didn't the last time I checked).
* Heck, let's talk Windows XP. It theoretically supports IPv6, but it will only do DNS over IPv4.
Vendor support for IPv6 has been pathetic.
Parent
Re: (Score:3, Informative)
Windows 2k8 NAC fully supports IPv6
Re: (Score:2)
> If you really believe that anything that doesn't support IPv6 at this point is "legacy" you clearly haven't tried to implement it. A few things off the top of my head:
>
> * Cisco IOS will route IPv6, but it does doesn't do it in hardware (it forces the packet up to the totally underpowered CPU of the router), so the packet rates are pathetic compared to IPv4.
>
Is that true of CISCO layer 3 switches? I'm just curious. It was my impression that layer 3 switches did their routing in hardware.
Re:Not to supprised. (Score:4, Informative)
Plenty of Cisco hardware handles IPv6 in hardware. The 12000 and 10000 both do, the 7600/6500 does, the 3750 and 3560 switches do, etc. I don't know why you think Cisco stuff doesn't handle IPv6, since it has for years.
Parent
Re:Not to supprised. (Score:5, Funny)
Hi. Some of us don't like reading 96-word rambling sentences. Thanks.
Yes, but IPv4 commas and periods are in short supply.
Parent
Ping & Unplug (Score:4, Interesting)
I've heard this referred to as "ping and unplug" by two different network vendors that we've worked with. I don't think this will be much more than a very limited proof of concept.
Wrong requirement... (Score:3, Interesting)
This just requires that the backbone passes ipv6, which any backbone routing device made in the past 10 years will be easily capable of doing.
What they really should do, is require that any service offered to the outside world be available with both ipv6 and ipv4 connectivity, starting with any new deployments/upgrades and gradually rolling out to existing sites.
Re: (Score:2)
This just requires that the backbone passes ipv6, which any backbone routing device made in the past 10 years will be easily capable of doing.
It's much less than that. Effectively the directive's minimum requirements are *one device* capable (not necessarily configured or connected) to route IPv6. So, BFD.
Classic 5-step (Score:3, Insightful)
This is good news. The IPv6 transition must happen in stages, the whole world cannot convert at the same time. In order to beat the chicken-and-egg problem, someone simply has to go first.
Re:Classic 5-step (Score:5, Funny)
6. I'm sure someone will profit.
They won't be able to profit at step 6 - they hit an infinite loop at step 5!
Parent
Re:Classic 5-step (Score:5, Informative)
Update all clients to IPv6 capable systems (i.e., junk Windows)
Vista runs IPV6 by default and everyone was hoping that this would help to drive adoption. IPV6 can be installed in a few clicks on an XP machine. You harboring much of an agenda there, boss?
Parent
Re: (Score:2)
Nah, just clueless :)
The last time I've needed to touch windows was xp some years ago, when the IPv6 add-on package was mostly for entertainment purposes. It's good to hear it's improved to something usable.
Re: (Score:2)
2. Update all clients to IPv6 capable systems (i.e., junk Windows)
Windows XP SP2 and Vista both support IPv6. Vista even has it on by default.
But you already knew that, and just wanted to bash MS again.
Re: (Score:3, Funny)
X = X+1, goto 1
Every time someone writes goto [wikipedia.org], a kitten dies.
Damn, I've done it.
FUD! (Score:4, Insightful)
Hey IANNA, why not free up some of the "LEGACY" Class-A allocations (see below) That would free some 650 MILLION addresses!!! Some 15% of the address space.
http://www.iana.org/assignments/ipv4-address-space [iana.org] [iana.org].
That'll do us for what? Another 10-15 years or so?
Plus if the US gov wants to release a bunch too since they are going IPv6.
This whole "OMG! We're going to run out of addresses (and ponies)" scare is starting to be more pathetic and fake than Nostradamus predictions!
003/8 General Electric Company
004/8 Level 3 Communications, Inc.
006/8 Army Information Systems Center
008/8 Level 3 Communications, Inc.
009/8 IBM
011/8 DoD Intel Information Systems
012/8 AT&T Bell Laboratories
013/8 Xerox Corporation
015/8 Hewlett-Packard Company
016/8 Digital Equipment Corporation
017/8 Apple Computer Inc.
018/8 MIT
019/8 Ford Motor Company
020/8 Computer Sciences Corporation
021/8 DDN-RVN
022/8 Defense Information Systems Agency
025/8 UK Ministry of Defence
026/8 Defense Information Systems Agency
028/8 DSI-North
029/8 Defense Information Systems Agency
030/8 Defense Information Systems Agency
032/8 AT&T Global Network Services
033/8 DLA Systems Automation Center
034/8 Halliburton Company
035/8 MERIT Computer Network
038/8 Performance Systems International
040/8 Eli Lily & Company
043/8 Japan Inet
044/8 Amateur Radio Digital Communications
045/8 Interop Show Network
047/8 Bell-Northern Research
048/8 Prudential Securities Inc.
051/8 Deparment of Social Security of UK
052/8 E.I. duPont de Nemours and Co., Inc.
053/8 Cap Debis CCS
054/8 Merck and Co., Inc.
055/8 DoD Network Information Center
056/8 US Postal Service
057/8 SITA
Adeptus
Re:FUD! (Score:5, Informative)
Yeah, I actually work for GE, we have the entire friggin 3.x.x.x range, 16 *million* IP's, for roughly 300K real employees (and a ton of contractors) plus servers.
I mean, being realistic here, unless we have a server for every employee/contractor, and they each have 8 machines on their desk.. I'm betting we don't use more than a million of those.
And of that, virtually *none* (a handful) are actually on the public internet. 99% of them (at least) are behind firewalls and proxies, so *not* using a 10.x subnet internally is just a waste.
Sadly, 5 years and I've heard it mentioned *once*, but haven't actually seen any motion towards changing (like configuring switches for both 3.x and 10.x routing, etc). While, yes, I comprehend the scale of it, realistically a simple 3.x->10.x one-to-one mapping wouldn't be all *that* hard, and a per-site/per-business cutover.
But like most of corporate america, we talk about a lot of things, but not much really happens.
Parent
Re: (Score:3, Funny)
This whole "OMG! We're going to run out of addresses (and ponies)" scare is starting to be more pathetic and fake than Nostradamus predictions!
Century 12, Quatrain 5 says:
Gore, of old, would tell that six is all
on the day the silver tubes stopped passing;
terrible anguish would ensue
as tube of you could not be contacted.
See. We're doomed.
Re:FUD! (Score:5, Informative)
Hey IANNA, why not free up some of the "LEGACY" Class-A allocations (see below) That would free some 650 MILLION addresses!!! Some 15% of the address space.
http://www.iana.org/assignments/ipv4-address-space [iana.org] [iana.org].
That'll do us for what? Another 10-15 years or so? Plus if the US gov wants to release a bunch too since they are going IPv6.
This whole "OMG! We're going to run out of addresses (and ponies)" scare is starting to be more pathetic and fake than Nostradamus predictions!
Take a read of this blog post to find out what's really happening:
/8 per month in 2007, so even if they did recover all 650 million addresses from the allocations you mentioned (very unlikely), it would not buy us another 10-15 years. It would buy us about 3 years assuming the demand for IP addresses doesn't increase.
http://blog.icann.org/?p=271 [icann.org]
They allocated more than one
Reclaiming address space doesn't solve the problem, it just delays it. And it doesn't even delay it by that much.
Parent
Re: (Score:2)
Hey now, the building I live in at MIT has its own Class B and that's the way I likes it!
If you ever see someone from 18.238.*.* make sure to say hello.
Re: (Score:2)
Hey IANNA, why not free up some of the "LEGACY" Class-A allocations (see below) That would free some 650 MILLION addresses!!! Some 15% of the address space.
While a good idea, it is probably easier to simply migrate to IPv6. I say this reckoning that the amount of bureaucratic paper work amounts for most of the effort. If you are going to be doing the paper work, then it might as well be done for a solution moving forward, than trying to temporarily fix a bad allocation. At least this way the paper work is d
IPv6 Sucks (Score:2)
We've had a decade of people trying to ram this product down our throats, and yet, the best we get is that we should appreciate having an IP address that looks like:
http://20010db885a308d313198a2e03707348/ [20010db885...2e03707348]
That -sucks-. ok? it sucks. It may be great for network people, except those that use the addresses, but it suks.
IPv6 : Proud sponsors of unusable addresses.
Re: (Score:2)
We've had a decade of people trying to ram this product down our throats, and yet, the best we get is that we should appreciate having an IP address that looks like:
http://20010db885a308d313198a2e03707348/ [20010db885...2e03707348]
Learn DNS. :-) My Windows Vista machine and my Macs resolve just fine after pulling an automatic network address, tyvm. And I'm running BIND, not Win2kX on the server side.
That -sucks-. ok? it sucks. It may be great for network people, except those that use the addresses, but it suks.
IPv6 : Proud sponsors of unusable addresses.
Your URL won't work because you forgot your brackets and your semicolons.
And if you have to remember addresses, in a lot of circumstances it's not a lot different than an IPv4 address, because you can truncate a lot. My home netblock is 2001:4830:####b::/48 (digits on the third set baleeted for obvious purposes). I can remember it fin
Zeronf: Bonjour, Avahi (Score:3, Informative)
We've had a decade of people trying to ram this product down our throats, and yet, the best we get is that we should appreciate having an IP address that looks like:
http://20010db885a308d313198a2e03707348/ [20010db885...2e03707348]
That -sucks-. ok? it sucks. It may be great for network people, except those that use the addresses, but it suks.
To nit pick, that URL is wrong, it should be of the form:
http://20010db87348/ [20010db87348]
Note that the number is between brackets and has colons. Longer numbers are a side affect of making more addresses av
Correction (Score:3)
Did you check before you posted: obviously not, since /. drops the colons in the IP address, unless specified within 'a href'. Can I say broken?
http://20010db885a308d313198a2e03707348/ [20010db885...2e03707348] [20010db885...2e03707348]
That -sucks-. ok? it sucks. It may be great for network people, except those that use the addresses, but it suks.
/.):
To nit pick, that URL is wrong, it should be of the form (note your URL was probably mangled by
http://2001:0db8::7348/
Note that the number is between brackets and has colons. Longer nu
Re: (Score:3, Funny)
The best? Then you've not been reading. (Score:5, Informative)
In addition to the extensions, the following benefits are also present:
Only a few of these points mention addressing at all, and none refer to the specific length of IPv6 addresses.
Parent
I read this differently.... (Score:3, Interesting)
This has all the earmarks of being as successful.. (Score:4, Insightful)
... as the federal government's push to go all-metric.
"Can" pass IPv6 isn't the same as "will."
IPv6 Ready ISPs, Personal experience (Score:4, Interesting)
I live in Canada and none of the ISPs that provide internet connection to the home provide native IPv6 support. Holidaying in France the other day I found that free.fr and possibly Wanadoo/Orange provide IPv6 support. An incomplete list of Internet Service Providers [sixxs.net] providing native IPv6 is available, though it could probably be updated and as more ISPs start providing native support to their customers. DSL Reports, also has a forum [dslreports.com] dedicated to IPv6.
Myself, I have started experimenting with IPv6 simply so I can understand all the issues and be able to help out other adopters. I started using Teredo on my Mac (since it supports being behind a NAT), by means of Miredo [remlab.net] (a nice front-end for the Mac is available here [deepdarc.com]), and then moved onto Aiccu [sixxs.net]. The advantage with going using Aiccu, is that I can have an IPv6 subnet [sixxs.net] for my computers at home. Also, since I wanted to make my web server available on the IPv6 addressable net, I registered its IP address with FreeDNS [afraid.org], since they allow for registration of AAAA records on their servers. There are certainly other 6to4 tunnels providers, such as Freenet6, but I haven't really investigate them since I already have a solution that fits my needs.
What the IPv6 World Needs (Score:4, Interesting)
And if your device talked IPv6 to this router, then it would transparently pass it through allowing a transition to IPv6 at the user's pace, rather than being forced into it due to the depletion of IPv4 addresses. After all, didn't someone once say that 4294967295 addresses ought to be enough for everybody?
If such a nifty device exists, it's sure not being talked about widely yet.
Re:Dump IPv6 (Score:5, Informative)
Correct me if I'm wrong, but it is my understanding that IPv6 adresses are not a superset of IPv4 ones. That means, that absolutely no current internet site is reachable by IPv6.
...
IPv6 address should be a superset of IPv4 ones. (or example : 1.2.3.4 is IPv4, 1.2.3.4.5.6.7.8 would be IPvX. you type the former in IPvX, it gets padded to 1.2.3.4.0.0.0.0 and still works). I fail to understand why it isn't so.
Well, it would be hard to expect old software to be able to send and receive packets in a new format automatically--the packet header would at least require a longer address field, but probably other changes as well that will improve performance and flexibility. On the other hand, it should be possible for programs that use the new version of the networking API to communicate with machines on IPv4. And this is possible using IPv4 mapped IPv6 addresses [wikipedia.org] (RFC reference [ietf.org]).
Parent
Re: (Score:3)
Correct me if I'm wrong, but it is my understanding that IPv6 adresses are not a superset of IPv4 ones.
That means, that absolutely no current internet site is reachable by IPv6.
IPv4 addresses are mapped into the ::FFFF:a.b.c.d range.
You can't connect to an IPv4-only server from an IPv6-only client because it is a different network protocol and there is no way to fit an IPv6 address into the IPv4 source-address field. However a client with both an IPv4 and an IPv6 address can connect to either type of server.
Re: (Score:2)