[LINK] There is no Plan B: why the IPv4-to-IPv6 transition will be ugly

Karl Auer kauer at biplane.com.au
Fri Oct 1 23:30:22 AEST 2010


On Fri, 2010-10-01 at 22:25 +1000, Kim Holburn wrote:
> http://arstechnica.com/business/news/2010/09/there-is-no-plan-b-why-the-ipv4-to-ipv6-transition-will-be-ugly.ars

This is a bit of a mish mash of good and bad info.[1]

> > years. The Internet will soon be sailing in very rough seas, as it's  
> > about to run out of addresses, needing to be gutted and reconfigured  
> > for continued growth in the second half of the 2010s and beyond.

That is massively overstating the case one way - there is no need to
"gut and reconfigure" the internet. On the other hand, the case is
understated the other way: You can expect whatever ructions may
come a LOT sooner than 2015!


> > that the change from the current Internet Protocol version 4, which  
> > is quickly running out of addresses, to the new version 6 will be  
> > quite a messy affair.

This, too, overstates the case. It's messy for people who want to
duplicate IPv4 systems using IPv6, in particular those who wish to use
private address space. It's not messy for those who use IPv6 as it is
intended to be used.

> >  The end result is a bit of a mess: all IPv6 systems support  
> > stateless autoconfig; Windows Vista and 7 support DHCPv6, but  
> > Windows XP and Mac OS X don't; on open source OSes a DHCPv6 client  
> > can usually be installed if one doesn't come with the distribution;

A client exists for WinXP and works well.

OSX is way behind on this, but there are at least two DHCPv6 clients
that can probably be got running on OSX with little difficulty.

> > and Vista and 7 also use the temporary, random number-derived  
> > addresses by default, whereas other OSes don't.

I know they use random-number derived addresses. I'm not sure they use
temporary addresses - the two are not synonymous.

> > In the early 2000s, Windows shipped with lots of insecure protocols  
> > enabled by default

Has this changed significantly?

> > routers. But since IPv6 has no NAT (nor does it have any need for  
> > NAT), NAT routers had to create the same firewall effect using a  
> > stateless firewall.

No - *non*-NAT routers had to create the same firewall effect. Luckily
virtually all commodity routers already have all the smarts they need to
do this; at present only for IPv6, but it's not rocket science.

It's not a stateless firewall though. The firewall (packet filter,
really) has to permit packets back in that belong to established
outbound connections, which means maintaining some state. Luckily that
too is very straightforward and built into most commodity routers
already.[2]
 
> And there are no port mapping mechanisms for IPv6  
> > (—there's no NAT, remember)? All of this means that peer-to-peer  
> > protocols such as VoIP solutions and BitTorrent work worse over IPv6  
> > than over IPv4.

What?!? What a pile of steaming bat doo-doos. IPv6 takes us back to
simple end-to-end connectivity. Peer to peer works *better* because
there is no need for rendezvous servers - servers that both ends have to
connect to, because they can't connect to each other directly. If VoIP
solutions and BitTorrent "work worse over IPv6" (and I'm prepared to
accept that it is so) then it is for some other reason.

>  This situation probably won't be resolved any time  
> > soon, as people with "security" in their job title refuse to  
> > consider passing through unsolicited, incoming packets in any way,  
> > shape, or form.

Yes and that's worked so well, hasn't it? Now people make their peer to
peer connections to outside, and that makes it solicited, and in comes
the traffic. Let us not lump all security people together - some of them
actually have a clue, and know that true end to end simplifies
troubleshooting AND the identification of miscreants.

> > Plan B
> > There is no plan B.

Indeed.

> > their fair share of addresses, yet. So, even though we're still  
> > trying to figure out the question, the answer will have to be "IPv6."

No - we are not still trying to work out the question. Both the question
and the answer are clear. Whatever faults it may have, IPv6 is the
future. And not only that, it's pretty much the immediate future.

Get over it, get used to it - get into it.[3]

Regards, K.

[1] I haven't read the article, just your email.

[2] What is not generally built in at the moment (but will need to be)
    is DHCPv6-PD - prefix delegation, so that an ISP can pass an address
    range to the CPE for use in the local network.

Disclaimer: http://www.ipv6now.com.au/about.php

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
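
Added example, not part of the message above or of any router's firmware: a small Python model of the stateful packet filter the reply describes, where outbound traffic creates state and inbound packets are admitted only if they match it. The class and function names, the 60-second idle timeout, the stateless comparison rule and the 2001:db8:: documentation addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str        # IPv6 source address
    sport: int
    dst: str        # IPv6 destination address
    dport: int
    proto: str      # "tcp" or "udp"
    inbound: bool   # True if the packet arrives on the WAN side
    ts: float       # arrival time in seconds

@dataclass
class StatefulFilter:
    idle_timeout: float = 60.0                 # assumed value
    flows: dict = field(default_factory=dict)  # flow key -> last-seen time

    @staticmethod
    def _key(p):
        # Always keyed from the LAN host's point of view, so a reply
        # maps onto the entry its outbound packet created.
        if p.inbound:
            return (p.proto, p.dst, p.dport, p.src, p.sport)
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def handle(self, p):
        key = self._key(p)
        if not p.inbound:
            self.flows[key] = p.ts             # outbound creates or refreshes state
            return "accept"
        last = self.flows.get(key)
        if last is None:
            return "drop"                      # unsolicited: no matching state
        if p.ts - last > self.idle_timeout:
            del self.flows[key]                # state expired
            return "drop"
        self.flows[key] = p.ts
        return "accept"

def stateless_handle(p, reply_ports=frozenset({443})):
    # Stateless comparison: each packet judged alone, by remote source port.
    return "accept" if (not p.inbound or p.sport in reply_ports) else "drop"

def demo():
    # Constructed sample traffic using documentation-prefix addresses.
    lan, web, other = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:bad::1"
    out = Packet(lan, 50000, web, 443, "tcp", False, 0.0)
    reply = Packet(web, 443, lan, 50000, "tcp", True, 0.2)
    unsolicited = Packet(other, 443, lan, 50000, "tcp", True, 0.3)
    late = Packet(web, 443, lan, 50000, "tcp", True, 120.0)
    fw = StatefulFilter()
    return [fw.handle(p) for p in (out, reply, unsolicited, late)], stateless_handle(unsolicited)
```

The stateless rule accepts the unsolicited packet because it only looks at the source port, while the stateful filter drops it for lack of a matching outbound flow.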




