Here Comes IPv6... Guess Who is Not Ready

In about 100 days, the United States Federal Government will be required to be running large portions of their systems on IPv6. Now, for the few non-technical in the crowd, it means that the address your PC uses to connect to the Internet, in most cases, is IPv4. Version 4 has been around almost since most of you started networking your machines to the Internet (it was around in the early '90s when I started doing all of this). IP version 6, which debuted in 1995 was designed to "fix" some of the things that were broken in IPv4, such as the limited address space (it may surprise you but there are only so many addresses in IPv4 that can be allocated). IPv6 increases the address space to some ridiculous number like 1000 per cubic meter of the Earth - in other words A LOT!.

So, as part of my testing, I figured I would call my ISP and request a block. Might as well get while the getting is good right?

So, here is some of my chat with my ISP (try not to laugh):

Me: I want a block of IPv6 addresses. How do I request them?
ISP: As I understand, you wish to block the IP Address of any Domain name. Am I correct?
Me: Negative. I want to request a block (say a /48) of IPv6 addresses.

As you can see, we are off to a roaring start.

But it gets better:

ISP: I apologize for the inconvenience caused to you. I am not getting your concern correctly, could you please elaborate your concern once again for me?
Me: I would like to request a block of IPv6 addresses for use on my home network. How do I do that?
ISP: Alright. As I understand, you wish to block of General Unicast IPv6 addresses for your Home Network. Am I correct?
Me: Correct.
ISP: I would love to assist you however we have a different department...

So, I call the department and they do not even know what I am talking about until they find a supervisor who tells them that the "service" is not supported.

Tell me again why the Fed is pushing to convert?

Now, how do I apply for an IPv6 address block?

______________________

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Frankly I don't blame the

raf's picture

Frankly I don't blame the customer service rep too much. Especially for a non-native English speaker, or even someone who's just not familiar with IPv6, or IPv4's distinction from it, it would be easy to interpret your question as "please block all IPv6 addresses from connecting to my computer." I think you might have tried rephrasing it: "I would like a range/series/group of IPv6 addresses be assigned to my network."

Eh...

kg4giy's picture

If I had been on the phone, maybe...but since I was typing it (and typed it about four times), once, yes...maybe.

The truly sad part about all of this is it is NOT a new initiative. It has been the focus of dozens of article in the trade press for three years now. If this was a mom and pop organization I would chalk it up to inexperience, but this is a MAJOR telco.

Agree with mburns

brian_'s picture

I have to agree with mburns here. This article is poorly researched, inflamatory, and underlines the author's total misunderstanding of the reasons behind the IPv6 government mandate.

The mandate is there exactly BECAUSE IP6 has not been widely adopted by the public. What it does is force any vendor who wishes to get very lucrative contracts with the government to implement IP6, which means that they will have to create and test products that work with it. Also, any ISP or network company must also implement it on their networks. THEN, because all of that cost has already been forced on the vendors, the next easy step for them is to turn around and offer it to the consumer. By that time, a significant portion of the infrastructure will already be in place, and the chicken/egg problem will have been solved.

It's ALWAYS about economics.

Economics

kg4giy's picture

Who's economics? The Federal Governments?

We are talking about an organization that has access to as many addresses as it needs to do business, most of which really are not utilized properly to begin with (on the front side) and are NATed to private addresses on the back side. So, there are no savings here from an address perspective. It isn't like the Fed is going to convert tomorrow and suddenly all these IPv4 address are going to be freed up. In reality, they are going to have to NAT their IPv6 traffic back to IPv4 just to reach the sites on the net that haven't converted. Which is plenty!

Forcing corporations to change, just for the sake of change is a VERY bad idea. Perhaps if it was Cisco leading the way, it might make sense, but from a "let's change the world" prospective, especially when it comes to IT, the United States Federal Government is the most conservative organization on the planet with only a couple of exceptions. Telcos look positively bleeding edge by comparison. The Fed does not do ANYTHING until everyone else forces their hand. So who is forcing the migration to IPv6? It is not coming from the inside. Sure DARPA and maybe some propeller heads over at NIST and NASA might be chomping at the bit, but by and large, the networks inside the bulk of the Federal space are chugging along quite nicely thank you, many still running version of software that have been end-of-life for years. Why? Because they can, they work and there is no reason to change.

Economics has very little to do with the Federal Government. After fifteen years of building their networks, I have a pretty intimate view of what is going on and deploying IPv6 is getting little more than lip service.

There is no money to convert (yes, it costs money - equipment, training, etc). There is not a lot of spare money in most departmental budgets. So where is the impetus? As I have said, there is gear already in production that supports the stack. There is also considerable amounts of gear in the agencies that DO NOT.

From OMB's perspective, this is a mandate that must be met. So the agencies are doing as little as possible to meet it (some more, some less). If ANYONE is under the misconception that this is going to force the Internet to convert to IPv6 overnight, let me help you out and tell you not to rush out and start renumbering. If the telcos are not rushing to meet it and they are not, what is the impetus. Why was this even made a priority in a nation with dozens of other IT priorities? Maybe I don't understand the reasons. I will fully admit there are a lot of mandates the Fed imposes that makes me sit back and scratch my head. Most of them are little more than empire building frankly, but this one is just out of left field strange. If you work for OMB, tell us, why? What were the technical decisions? What was the thought process? Everyone in the engine rooms will tell you that there was no thought process behind this mandate, because if there was, it would have died a quick and quiet death.

Can't see the forest from the trees

brian_'s picture

Again, you've misunderstood. "Economics" is "the social science that studies the production, distribution, and consumption of goods and services." (wikipedia) No one entity has "economics" as you seem to be saying. It is the entire marketplace (and ONLY the entire marketplace) that can have "economics".

You also seem to be looking too closely at the problem, and at completely the wrong level. Certainly you must agree that any argument that claims IP4 has enough addresses for the government to use is a completely shortsighted one. The point of the IP6 move is to look into the future, not the present. Your work on the details of networks has prevented you from seeing the big picture. This is a "big picture" sort of thing, so if you haven't, adjust your perspective accordingly for the rest of this reply.

One of the main ways that the US Government can promote changes in the general marketplace is by USING the marketplace. That is the ultimate ideal of capitalism, which is what drives this country (USA).

Because the OMB realizes that there's a looming problem coming on the Internet (running out of addresses), and that the Internet is now such a critical piece of the economy, they decide to do something about it. The market is not taking care of the problem already because there is a chicken/egg problem. No one will use IP6 because it's not implemented anywhere, and no one will implement it because no one is using it.

They need to break this stalemate. I'll spell it out for you:

Before the IP6 edict:

  • Vendor knows about IPv6, but is not getting any demand for it, so they don't put any effort or money into implementing it
  • Vendor is getting lots of money from its government contracts
  • Some in the general public want IP6, but they can't get it because no vendor is making it, and really, (as you said), it's not a problem right now, and they have more important things to worry about.

You see, the general public is worried about themselves, how they are going to put food on the table and pay their mortgages. They are not worried about the looming global crisis of IP4 address exhaustion that might come sometime in the future. That's one of the things governments should be looking at.

OK, finally, the edict comes out that by this year, the government networks must be able to support IP6.

  • Vendor realizes that if they want to continue to get those lucrative government contracts, they must invest in and develop products that support IPv6, so they do
  • Now that these products are available, the general public can also purchase them, so they now have IP6 support.

The ENTIRE point of the mandate is to force vendors to start making equipment that supports IP6. In the process, it will also cause the kinks to get worked out, and many additional products will begin to show up in the market.

Does it mean that your home-level cable/DSL ISP will implement it right now? No. The next time they buy new hardware, however, it will probably already have IP6 support in it, even if that's 5 years from now.

This is a "long timeline" type of thing. No one is going to be trashing everything they have now just to get IP6. It doesn't make sense. BUT, in a few years, maybe even a decade, all equipment will have IP6 support, then it's just a matter of flipping the switch.

Again down to microsoft.

brendan's picture

From what I've just read Windows XP has very limited support for IPv6. The same has occurred for PNG adoption in internet websites (< I.E 7 little or no support), ODF (no support from Microsoft) and EFI (not supported by Vista (no service pack), XP (all service packs)).

is it just me or are we just pawns in a Microsoft world.

Yes and No

kg4giy's picture

Pawns of Redmond? I would hope we have more free will than that, but when you control large portions of corporate and federal infrastructure, yes, a lot of the decisions are based on what comes out of the Northwest.

XP and Server 2003 have limited support for IPv6, limited to the stack and a couple of text files. The templates and other mechanisms in key pieces of the architecture do not support it. Further, there are some bugs, enough that Redmond had to change the stack for Vista and Server 2008.

We have all heard the old joke, how many Microsoft Engineers does it take to change a light bulb. None, they just declare darkness the new standard. In the old days that might have been the case, but with the deployment of Vista, I think there are some real opportunities to push a different model forward, but it is going to take a lot of work.

Again down to microsoft.

Anonymous's picture

From what I've just read Windows XP has very limited support for IPv6. The same has occurred for PNG adoption in internet websites (< I.E 7 little or no support), ODF (no support from Microsoft) and EFI (not supported by Vista (no service pack), XP (all service packs)).

is it just me or are we just pawns in a Microsoft world.

Who is using IPV6?

Michael Eager's picture

I guess I have to ask: Is anyone using IPV6, except
as a response to preparing for a government mandate?

Other than the every-other-year predictions that we
were going to run out of IP addresses, the Internet will
fail, and it will be the end of the world as we know it,
I seldom hear anything about IPV6.

Do any of the main Internet destinations (google.com,
yahoo.com, microsoft.com, cnn.com, slashdot.com) have
IPV6 connections? If they do, how would I know?

I guess that the government wants to give us all a
push in this direction, but until the core of the
Internet has IPV6, it's going to be real slow going.

It depends on what you want

FredR's picture

It depends on what you want to use it for. I've been an IRC addict for so long I lost track of how long it's been. I've literally met thousands of people online, mostly through IRC. When I saw the #linuxjournal channel on freenode, I became a permanent fixture (flrichar in there).

Yet, I could not think of a good reason to use my IPv6 tunnel from Hurricane Electric. What's sad, this is the second one I've had in so many years. The first one, my account was deleted for inactivity. What kinda network nerd is that?

So I sat in a few channels on freenode recently, and someone popped in on an IPv6 connection. I started getting all exicted! I quickly compiled and ran irssi on my IPv6 gateway machine, and jumped in the channels I was in. I had to find a reason to use it. It was there, and what I was already doing supported IPv6 so I took advantage.

Now, to bring IPv6 connectivity to all of my machines, I'm planning on running several tunnels. Even right into several virtual machines I have. I mean, geesh I only have 18 quintillion addresses to play with (/64).

Noone's gonna come by and place a magic IPv6 tophat on your head. If you want to do it, do it. Find a reason to. Find the initiative, the incentive. Vote with your actions. The largest chain reactions begin with the smallest changes.

-- FLR or flrichar is a superfan of Linux Journal, and goofs around in the LJ IRC Channel

Organic vs Institutional

kg4giy's picture

What you point out is a feature (the nature?) of the success and failure of applications in the Internet herself. The Internet as we know it has grown more through organic success than institutional edict. Applications that succeed are those that are used by the majority of people.

New protocols are introduced daily and others are dying just the same. Forcing the "adoption" of an application or protocol on the Internet is really like yelling into a hurricane.

Fixture

Webmistress's picture

We're very glad to have you in #linuxjournal! :)

Katherine Druckman is webmistress at LinuxJournal.com. You might find her on Twitter or at the Southwest Drupal Summit

Few...

kg4giy's picture

I know that Verio/NTT are, and I suspect that Sprint and AT&T are in support of the Federal Government Networx network (that passes all the traffic). Beyond that I am at a loss to tell you because they are not advertising it if they are (I know NTT is for example because they are held up as the poster child of ISPs for running it native on their backbone).

A good question to ask is how many of the CABLE companies are running it? With more and more traffic flowing over their networks, they are becoming an increasingly large carrier of Internet traffic.

I would be curious to know as well.

Simple questions...

mburns's picture

"Tell me again why the Fed is pushing to convert?"

We are running out of IPv4 addresses and IPv6 is more scalable, secure and robust.

"Now, how do I apply for an IPv6 address block?"

Get an ISP that doesn't suck, or (if you are an ISP, corporation, university, etc) apply directly with IANA directly, as per their publicly stated guidelines that walk you through the process.

My question: Why are you writing poorly researched, inflammatory articles about your experience with the tier 1 tech support from your local telco?

Well...

kg4giy's picture

So, what is missing from this little story:

1) The Federal government is being forced to migrate, not because we are running out of addresses (we are, but that is a different discussion) but because they, OMB, made a unilateral decision three years ago with no technical backing behind it (goes along with the conversion to only 50 gateways that have to be implemented by, I think, the end of June). The problem is that the Fed is in no way ready to make the conversion and IPv6 really is not ready for prime time...at least not the way that the people that managed the federal networks need it to be. I will be the first to agree that the current IPv4 space is becoming limited. However, most of the Federal sector is hiding behind well established NATed address spaces. Converting the backbones to IPv6 is a paperchase.

2) I know HOW to apply. The problem is that I am not technically allowed to go direct to ARIN. My ISP is one of the largest in the United States. Does it suck, yes. Do I have a lot of options? Nope. They are the only providers of DSL in my area. The RFCs and established protocols say I get my addresses from my upstream provider, my ISP. Therefore, I have to apply for them from them. If they are unprepared for those requests, then guess what, they aren't prepared and sadly, they get to say, we do not support this.

3) After two hours of searching the web, the ISPs web site and asking around with those in the know, Tier 1 was my only option. Yes, Tier 1 is not always the best option...sadly, when it comes to the Telcos, it sometimes the ONLY option.

Oh, should I mention that after talking to the ARIN people at FOSE, their recommendation was to contact my ISP first? Generally, one follows the established protocols before violating them.

There's several different

FredR's picture

There's several different ways. Try what I did, a tunnel from HE.net or Earthlink has a (Linux-based) firmware for the popular WRT54G Linksys router.

-- FLR or flrichar is a superfan of Linux Journal, and goofs around in the LJ IRC Channel

Thanks!

kg4giy's picture

Fred,

Yes, there are a number of ways around this. I could always piggy back on my agency's addresses. There are a couple hundred available that will never be used in this decade if at all. What I was really attempting was, to validate what I have been, in background, chasing ever since the move to IPv6 was "announced" by the Fed back in 2005 (2004? It has been a while and my memory that far back is fuzzy).

The move, designed to force the Internet in the US to adopt IPv6, is essentially a flop. Beyond the backbones of the Federal Government, adoption of IPv6 is spotty. Cisco and Foundry gear have supported IPv6 for close to 10 years (probably Juniper and other gear, but since I don't work with it, I cannot say for sure. Take it on faith that it probably does). Linux supports it in the current (2.6) kernel, but I would be hard pressed to remember when it was added in initially because I never really looked for it. It was probably there early on. Some ISPs (notably NTT/Verio) have supported it for a number of years, but mainly because the protocol was already deployed in areas OUTSIDE the United States. There are supposed to be millions of addresses available under IPv6 (the theory goes) and you would think that the ISPs would be handing them out like swag at a convention. The sad part is that most organizations are not even close to being ready to implement IPv6 in any capacity and even fewer are really doing it, even those that support the Federal Government.

A while back, when Java was fairly new, Scott McNealy made an observation. He said that when Java was released, there was only a handful of books on the subject. Within 500 days of its release, there were shelves of books. IPv6 is short on books and really good sites with information (sorry, I am an old time network engineer - I have to take it with me - reading on the web is just too painful to old eyes and a four hour commute does not lend itself well to laptop use).

IPv6 has been available, functionally, for close to 15 years. Reference implementations are still few and far between. The 6bone and others have proven the traffic can be routed, but routing traffic is only a small part of the battle. Applications like DHCP, DNS and protocols like HTTP and FTP have to be able to utilize these new addresses. When we talk about the Federal Government, we are talking primarily a Windows world (for better or worse) and it has not been until Windows 2008 that the applications (not just the stack) have supported IPv6. And that does not cover printer NICs and other "devices" that have to support the protocol.

Yes, there are short cuts. Yes, there are somethings that work...but the goal of IPv6 was to reduce the overhead of management, secure the stream (as much as it could be) and increase the address space. What we have discovered is that the personnel are untrained, security requires more thought than we expected and the implementation is more complicated that anyone had foreseen when the protocol was designed in an era before large scale spam, crackers and session hijacking.

And sadly, like most Federal mandates, this one was not thought through...despite all the good intentions. We all have a long way to go.

David, Fantastic points.

FredR's picture

David,

Fantastic points. I, too am an "old school" (albeit not older) network engineer. In my experience, as I'm sure in yours, I see the world in two types: geeks and non-geeks. In fact I moved 800 miles across the country almost two years ago. In my last job, all my coworkers right up to the VP level were geeks. It was great. At my new job, there's very few. In fact, most are non-geeks. It's very difficult for me.

Don't get me wrong. I love the new state, the new house, the new job (and the weather is nicer). But I kinda miss the geek mentality. What I've noticed is these geeks (or tech types, or engineer types) are really a minority. The majority of people out there are average joes, including plenty policy and decision makers. They can barely wrap their heads around IPv4 let alone IPv6.

So I think the issue is primarily social. Noone wants to fix something they don't percieve as broken. They'll let the "network guys" like us handle it and deal with it. I feel at work I'm understaffed to handle the network I have let alone the one I want, so I do the best I can. And shame on me for settling! My insatiable need for efficency drives me to believe IPv6 is better for everyone.

Ever notice our field is the only one where people expect us to fix social problems? First, email was always "make sure the message is delivered no matter what", now it's "I don't like the type of mail I'm getting (spam)". Can you imagine if we complained to the postal service about junk mail, or the telephone company about wrong numbers? They would say one word: tough.

I believe the internet will split. Those of us like you and I who can find ways to take advantage of IPv6 will begin to use it. The IPv4 internet will continue down a messy road. Those too scared of the new technology will not adopt it. There will be the "old internet" and the "new internet". Want a release from all the pain of the old one? Upgrade. Is it a lot more difficult to understand? Yes. Maybe then you'll see large scale adoption.

-- FLR or flrichar is a superfan of Linux Journal, and goofs around in the LJ IRC Channel

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix