| |||||||||||||
IPv6 *is* like AMDIPv6 *is* like AMDPosted Jan 28, 2011 5:12 UTC (Fri) by lutchann (subscriber, #8872)In reply to: IPv6 *is* like AMD by cmccabe Parent article: LCA: IP address exhaustion and the end of the open net
Transitions (paradigm shifts, in touchy-feely business parlance) happen when the pain associated with the change is outweighed by the advantages of the new way of doing things. The IETF was wrong in its belief that IPv6 had advantages that would motivate a meaningful number of users to change. But, contrary to what many people seem to think, they did put a great deal of effort into trying to minimize the pain of transition. IPv6's undoing was that vendors took years to get anything implemented in products, so every time the IETF came up with a new transition path, it was three to five years obsolete by the time it was available to end users. 1998-- 2002-- 2005-- 2010-- After watching this process for more than a decade, I'm a little skeptical when somebody comes along with a great idea for how the IPv6 transition "should have been done"--it invariably involves going back in time and implementing something that couldn't possibly have been foreseen to be necessary at the time it needed to be implemented.
(Log in to post comments)
IPv6 *is* like AMD Posted Jan 28, 2011 7:06 UTC (Fri) by cmccabe (guest, #60281) [Link]
It's a classic tragedy of the commons problem. Everyone has an incentive to delay doing anything for as long as possible, even though collectively we would all be better off if something was done.
The big mistake is to think that people will do the right thing because it would be better for everyone. That never works. The other big mistake is to think of the internet as a single thing. As well as being a series of tubes, it's also a collection of organizations and individuals who each have their own agenda.
We need some kind of effective carrot or stick to make the individual organizations do the right thing. It could be a government mandate. It could be a feature that you only get if you make your network IPv6 capable.
I almost wonder if it's too late, though. NAT may have won the battle by default. Another poster here said that as soon as blocks of IPv4 addresses start getting major cash value, change will have become impossible-- the same way patent reform is impossible.
IPv6 *is* like AMD Posted Jan 28, 2011 21:31 UTC (Fri) by lutchann (subscriber, #8872) [Link]
The IETF didn't expect anybody to transition to IPv6 because it was "the right thing". They expected people to use IPv6 because of its advantages over IPv4.
What were these supposed advantages? The same advantages that drew people to the Internet originally. Unfettered end-to-end connectivity. The opportunity to participate as an equal without having to pay through the nose. The liberating concept that you could plug in anywhere without having to worry about what kind of access you get and what the tariffs look like.
Fifteen or twenty years ago, the IPv4 Internet gave people freedom from the tyranny of buying ISDN circuits or paying exorbitant fees to be a mere "terminal" on an X.25 network. Today the IPv6 Internet gives people freedom from the cruft that litters IPv4 today as a result of the scarcity of addresses and the widespread use of NAT.
As it turns out, the people who want these things have already been using IPv6 for years. We apparently account for 0.2% of the Internet's user base.
The telcos had it right to begin with. Most people just want a dumb terminal. Provider-side NAT is as good as IPv6, as long as the Youtubes still work.
IPv6 *is* like AMD Posted Jan 29, 2011 9:43 UTC (Sat) by TRS-80 (subscriber, #1804) [Link] Except that unfettered end-to-end connectivity isn't desirable any more, as Apple found out when it enabled IPv6 without a firewall. At which point you have to start running ALGs like if you're doing NAT.
IPv6 *is* like AMD Posted Jan 29, 2011 18:31 UTC (Sat) by lutchann (subscriber, #8872) [Link]
Well, right. The IETF thought that what people really wanted was a circa-1992 Internet, and they'd put up with a little transition pain to get back there. They were wrong, and that's why nobody switched.
My point was that the IETF wasn't so naive as to think that the world would move to a new protocol simply because it was "the right thing to do". Their mistake was in misjudging the perceived value that IPv6 had over IPv4.
Their cost/benefit analysis was all wrong. Posted Jan 31, 2011 0:51 UTC (Mon) by khim (subscriber, #9252) [Link] My point was that the IETF wasn't so naive as to think that the world would move to a new protocol simply because it was "the right thing to do". Their mistake was in misjudging the perceived value that IPv6 had over IPv4. Their mistake was in overestimating interest and underestimating price. Repeatedly. The initial plan called for the upgrade of everything on ISP level - the idea was that customers will push the ISPs and they will install IPv6-capable hardware/software. Of course there are huge number of people who want "circa-1992 Internet" but few of them care enough to endlessly pester ISPs. And since for ISP IPv6 is pure headache without any gain they just ignore these people anyway. The fact that the people who felt "little transition pain" in this scenario and people who benefited from the transition were different people doomed that plan. The next plan provided end-to-end connectivity to some people. To the ones who have "white" IPv4 address - it was not done as easy and elegantly as in DJB's plan, but it was done. Good idea? Nope: the people with "white" IPv4 address are precisely the people who don't need IPv6 at all! It's kinda hard to ask someone to feel "a little pain" and get end-to-end connectivity if said someone already have end-to-end connectivity! The next plan was the most sane one: it provided connectivity to people who are behind NAT. These are the people who really need/want IPv6! Sadly it took too long to develop this plan: it works only with UDP-punchable NATs and by the time it was usable most NATs were multiple-layers stateful NATs. So this plan failed as well. What next? Well, one way will be to design something usable for the people with multiple layers of stateful NATs - and/or wait for the new wave of users with intrinsic IPv6 support (LTE users, for example are supposed to be like that). But the key are new users, not the existing users! It's obvious: This is why DJB's plain is so crazy: it introduces additional complexity to the IPv6 for the sake of minor convenience of some people who are not part of the solution to the "IPv6 deployment problem" at all!
Their cost/benefit analysis was all wrong. Posted Jan 31, 2011 2:36 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]
the problem with your 'solution' being new users is that the new users still want to talk to everything on the existing IPv4 Internet, and for that a globally routed IPv6 address does them no good.
they may get by with their ISPs doing NAT64, but if each ISP is doing NAT64 before the traffic leaves that ISP, and the ISPs do not want the users to be running servers (see their various terms of service if you doubt this), then why should the ISPs bother to expose and route the underlying IPv6 addresses instead of just having everything go through the NAT64 boxes?
This is not a whole solution, true. Posted Jan 31, 2011 12:19 UTC (Mon) by khim (subscriber, #9252) [Link] the problem with your 'solution' being new users is that the new users still want to talk to everything on the existing IPv4 Internet, and for that a globally routed IPv6 address does them no good. Sure, but this is the first step. There are many ways to exploit even simple ubiquitous point-to-point connectivity between two points you control. Think remote desktop, remote play, access to your home video library, etc. Once most people have IPv6 access (used for point-to-point connections mostly) you can start to use it to build P2Ps on top, etc. But this plan falls apart because IPv6 is about the worst technology for the point-to-point connectivity in today's internet. Different forms of VPN, SSL tunnels, etc are much better for that. they may get by with their ISPs doing NAT64, but if each ISP is doing NAT64 before the traffic leaves that ISP, and the ISPs do not want the users to be running servers (see their various terms of service if you doubt this), then why should the ISPs bother to expose and route the underlying IPv6 addresses instead of just having everything go through the NAT64 boxes? Forget about ISPs already! Any transition plan which starts with "ISPs must do ..." is doomed from the onset. The most you can expect from them is indifference. Some of them will actively fight IPv6 but most of them will just ignore it's existence when they discuss different plans. ISPs will join when there will be active IPv6 community and people will actively demand IPv6 - not before.
This is not a whole solution, true. Posted Jan 31, 2011 22:25 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]
but there is a catch 22 here:
why would anyone demand IPv6 until there are any IPv6-only resources?
and why would anyone ever willingly deploy an IPv6-only resource if the vast majority of users will not be able to reach it?
until something breaks this stalemate how will IPv6 gain any traction?
Have you actually read what I wrote? Posted Feb 1, 2011 15:18 UTC (Tue) by khim (subscriber, #9252) [Link] why would anyone demand IPv6 until there are any IPv6-only resources? Have you actually read what I wrote? IPv6 promised "end-to-end connectivity". You can use end-to-end connectivity for a lot of things besides accessing public IPv6-only resources. You can access your own resources: console in your living room, NAS with your collection of MP3s and videos, etc. Sadly IPv6 in it's current form can not be used for this: there are no simple way to connect to IPv6 network from behind multilevel stateful NAT (cheapest and the most common version of Internet access available). Yes, you can use, for example, stunnel to reach some kind of bastion host and use said bastion host to enable access to IPv6... but why will you do that? If you've connected your console or NAS with bastion host you can as well just connect directly to the bastion host without adding IPv6 to the mix! and why would anyone ever willingly deploy an IPv6-only resource if the vast majority of users will not be able to reach it? This is correct question - and the answer is simple: it's Ok if the resource is intrinsically designed to be only accessible by very limited number of users. I've shown some examples above, but you can invent many other similar uses. Some of them will not use IPv6 for that anyway (for example for a lot of organizations it's better to deploy their own VPN because it's more secure), but some of them may do. For it to be useful you need some simple way of obtaining connection to IPv6 network - and currently all simple ways assume that ISP will do that. And ISPs are the last persons to participate in such plan. until something breaks this stalemate how will IPv6 gain any traction? Poorly are we can see.
That's the problem... Posted Jan 29, 2011 12:38 UTC (Sat) by khim (subscriber, #9252) [Link] What were these supposed advantages? The same advantages that drew people to the Internet originally. Unfettered end-to-end connectivity. The opportunity to participate as an equal without having to pay through the nose. The liberating concept that you could plug in anywhere without having to worry about what kind of access you get and what the tariffs look like. Wow! That's cool promise. I really like it. I have it. Kinda. I'm almost always connected to VPN and anyone who's connected to our VPN can reach me easily. It's stunnel-based VPN so it works almost everywhere - and this is really cool. But how can I actually cash in on that promise in case of IPv6? The answer is simple: I can not. 6to4 does not work with NATs at all while teredo only works with "mild" NATs with working UDP hole-punching. Compare it with other technologies which promised "to participate as an equal" (like Skype or Tor): they use all available technologies to create working tunnels. Somehow all these IPv6 technologies are designed to give "unfettered end-to-end connectivity" to the people who already have unfettered (or barely fettered) IPv4 connectivity! WTF? Why will I do anything to get what I already have? DJB's idea is stupid for the same reason: it gives access to the people who already have "white" IPv4 address and who's ISP was farsighted enough to enable IPv6 support on routers. These people are people who least interested in IPv6 because it does not give them anything worthwhile! The telcos had it right to begin with. Most people just want a dumb terminal. Provider-side NAT is as good as IPv6, as long as the Youtubes still work. Sorry, but no. There are lots of people who need more then dumb terminal. Me, for example: I regularly work with programs which are installed on server in our office and need unfettered acceess to my workstation. SSLvpn gives access to me. I can attach my laptop to the network in hotel or cafe, start my vpn script - and voila: I can talk to servers in our office, these servers can talk to my laptop, everyone is happy. IPv6 gives excuses to me instead. I can attach my laptop to the network in hotel or cafe, start miredo and see list of the reasons for why it does not work. Rarely (if ever) I've seen working ipv6.google.com... and this is 20 years after IPv6 effort started. P.S. Oh, and of course I can use my SSLvpn connection to reach IPv6 internet via our office... but why will I want that? This will be transition to IPv6 because it was "the right thing". Connectivity problem was already solved for me with SSLvpn, so I can safely forget about IPv6...
That's the problem... Posted Jan 29, 2011 22:34 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
I am like you and want end-to-end connectivity for my connection.
but I don't want the end-to-end connectivity for my Grandmother.
and users like my Grandmother outnumber users like you and me by something like 1000-1
Of course my Grandmother needs end-to-end connecitvity! Posted Jan 31, 2011 0:24 UTC (Mon) by khim (subscriber, #9252) [Link] but I don't want the end-to-end connectivity for my Grandmother. Why the heck no? How can I help my Grandmother if her computer will not be reachable from outside? But again: SSL gives me what I want, IPv6 does not. Not all people desire end-to-end connectivity, but there are a lot of people who do. Yet IPv6 technologies are designed to provide said end-to-end connectivity to the people who already have it (if they have "white" IPv4 address then they already have end-to-end connectivity and if their firewall supports "UDP hole punching" then there are tons of IPv4 technologies which can be used to establish end-to-end connectivity). DJB's plan is crazy for the same reason: it improves IPv6 accessibility for the people who don't need it!
IPv6 *is* like AMD Posted Feb 1, 2011 10:21 UTC (Tue) by Cato (subscriber, #7643) [Link]
I don't see why IPv4 blocks having a large cash value makes IPv6 less likely to happen - surely if the direct cost of using IPv4 address space rises considerably, that creates a strong economic drive to find a cheaper solution?
The bigger costs of staying with IPv4 for content providers are considerable - SEO (search engine optimisation) and the increased use of SSL tends to require a unique IP address for each domain, yet server side NAT or Apache virtual hosting breaks that. More generally, the huge cost of bypassing multiple NAT layers for complex applications will become an increasing issue.
This is more complex than that... Posted Feb 1, 2011 16:04 UTC (Tue) by khim (subscriber, #9252) [Link] I don't see why IPv4 blocks having a large cash value makes IPv6 less likely to happen - surely if the direct cost of using IPv4 address space rises considerably, that creates a strong economic drive to find a cheaper solution? Not right away. Think SMS. The global average price of SMS is 3 cents. It's much higher then you need to actually send it, so SMS are generating substantial profits for operators yet it makes no sense for the companies to try to replace SMS with anything: to do that you must spend billions of dollars and to justify such cost you need to send hundreds of billion of SMS per months - and nobody sends this much. Situation with IPv4 addresses is the same: to replace it with something (IPv6 or anything else) you must spend billions of dollars (perhaps tens of billion of dollars) and it's just stupid when price of one IPv4 address is low enough (typical price for IPv4 address today is between $2 and $5). The bigger costs of staying with IPv4 for content providers are considerable - SEO (search engine optimisation) and the increased use of SSL tends to require a unique IP address for each domain, yet server side NAT or Apache virtual hosting breaks that. The same problem: people who feel the pain and people who can do something are different people. We need some kind of peacemeal plan or it'll not work.
This is more complex than that... Posted Feb 1, 2011 18:35 UTC (Tue) by Cato (subscriber, #7643) [Link]
Actually SMS is being replaced to some degree by mobile-based instant messaging, including push notifications, which provides some new features and are much lower cost. Many of the 4G LTE networks don't yet support SMS despite being from the same mobile operators.
Expensive IPv4 blocks mean that the price of hosting a website on IPv6 is cheaper, or getting IPv6 access via broadband, so ultimately this will have an effect. A similar example: the price difference between Windows and Linux web hosting is one reason why Windows only has about 20% of the market there, which illustrates this can happen despite switching costs. The price difference per month is only a few dollars for Windows vs. Linux but it does have a market impact, and totals to a big impact on Microsoft's potential revenues.
Going IPv6 on a webhost is not that expensive initially - they must ensure the OS is configured OK on the servers they start with, and provide a 6to4 tunnel to someone like Hurricane Electric. That's all endpoint configuration and can be the end of phase 1 - only once they get customers on IPv6 do they need to look to a native IPv6 end to end with an IPv6 upstream, which can be phase 2 once they have IPv6-driven revenues. Much easier to make the business case.
Ultimately the customers of webhosts will decide - if they get more problems with IPv4 due to NAT, they will ask their webhosts for IPv6, and some of them will switch to hosts that do provide IPv6.
|
|||||||||||||