IPv6 *is* like AMD

Posted Jan 29, 2011 9:43 UTC (Sat) by TRS-80 (subscriber, #1804)
In reply to: IPv6 *is* like AMD by lutchann
Parent article: LCA: IP address exhaustion and the end of the open net

Except that unfettered end-to-end connectivity isn't desirable any more, as Apple found out when it enabled IPv6 without a firewall. At which point you have to start running ALGs as if you were doing NAT.


IPv6 *is* like AMD

Posted Jan 29, 2011 18:31 UTC (Sat) by lutchann (subscriber, #8872) [Link]

Well, right. The IETF thought that what people really wanted was a circa-1992 Internet, and they'd put up with a little transition pain to get back there. They were wrong, and that's why nobody switched.

My point was that the IETF wasn't so naive as to think that the world would move to a new protocol simply because it was "the right thing to do". Their mistake was in misjudging the perceived value that IPv6 had over IPv4.

Their cost/benefit analysis was all wrong.

Posted Jan 31, 2011 0:51 UTC (Mon) by khim (subscriber, #9252) [Link]

My point was that the IETF wasn't so naive as to think that the world would move to a new protocol simply because it was "the right thing to do". Their mistake was in misjudging the perceived value that IPv6 had over IPv4.

Their mistake was in overestimating interest and underestimating price. Repeatedly.

The initial plan called for the upgrade of everything at the ISP level - the idea was that customers would push the ISPs and they would install IPv6-capable hardware/software. Of course there is a huge number of people who want a "circa-1992 Internet", but few of them care enough to endlessly pester ISPs. And since for an ISP IPv6 is pure headache without any gain, they just ignore these people anyway. The fact that the people who felt the "little transition pain" in this scenario and the people who benefited from the transition were different people doomed that plan.

The next plan provided end-to-end connectivity to some people. To the ones who have a "white" IPv4 address - it was not done as easily and elegantly as in DJB's plan, but it was done. Good idea? Nope: the people with a "white" IPv4 address are precisely the people who don't need IPv6 at all! It's kinda hard to ask someone to feel "a little pain" and get end-to-end connectivity if said someone already has end-to-end connectivity!

The next plan was the most sane one: it provided connectivity to people who are behind NAT. These are the people who really need/want IPv6! Sadly it took too long to develop this plan: it works only with UDP-punchable NATs and by the time it was usable most NATs were multiple-layer stateful NATs. So this plan failed as well.

What next? Well, one way would be to design something usable for the people with multiple layers of stateful NATs - and/or wait for the new wave of users with intrinsic IPv6 support (LTE users, for example, are supposed to be like that).

But the key is new users, not the existing users! It's obvious:
1. If the explosion of the Internet continues then new users will outnumber old users very soon - and if the explosion is finished then we can forget about IPv6 altogether.
2. New users need to set up everything anyway, they need to fill in the papers, call the support, etc. They may as well do something extra to gain that end-to-end connectivity.
3. ISPs need to set up new hardware/software to support new users anyway (if there are enough of them, of course), they may add IPv6 to the mix if enough new users complain that it's slow and unreliable (but it must work for them or else they'll not know how cool it is).

This is why DJB's plan is so crazy: it introduces additional complexity to IPv6 for the sake of minor convenience of some people who are not part of the solution to the "IPv6 deployment problem" at all!

Their cost/benefit analysis was all wrong.

Posted Jan 31, 2011 2:36 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]

the problem with your 'solution' being new users is that the new users still want to talk to everything on the existing IPv4 Internet, and for that a globally routed IPv6 address does them no good.

they may get by with their ISPs doing NAT64, but if each ISP is doing NAT64 before the traffic leaves that ISP, and the ISPs do not want the users to be running servers (see their various terms of service if you doubt this), then why should the ISPs bother to expose and route the underlying IPv6 addresses instead of just having everything go through the NAT64 boxes?

This is not a whole solution, true.

Posted Jan 31, 2011 12:19 UTC (Mon) by khim (subscriber, #9252) [Link]

the problem with your 'solution' being new users is that the new users still want to talk to everything on the existing IPv4 Internet, and for that a globally routed IPv6 address does them no good.

Sure, but this is the first step. There are many ways to exploit even simple ubiquitous point-to-point connectivity between two points you control. Think remote desktop, remote play, access to your home video library, etc. Once most people have IPv6 access (used for point-to-point connections mostly) you can start to use it to build P2Ps on top, etc. But this plan falls apart because IPv6 is about the worst technology for point-to-point connectivity in today's internet. Different forms of VPN, SSL tunnels, etc. are much better for that.

they may get by with their ISPs doing NAT64, but if each ISP is doing NAT64 before the traffic leaves that ISP, and the ISPs do not want the users to be running servers (see their various terms of service if you doubt this), then why should the ISPs bother to expose and route the underlying IPv6 addresses instead of just having everything go through the NAT64 boxes?

Forget about ISPs already! Any transition plan which starts with "ISPs must do ..." is doomed from the outset. The most you can expect from them is indifference. Some of them will actively fight IPv6 but most of them will just ignore its existence when they discuss different plans. ISPs will join when there is an active IPv6 community and people actively demand IPv6 - not before.

This is not a whole solution, true.

Posted Jan 31, 2011 22:25 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]

but there is a catch 22 here:

why would anyone demand IPv6 until there are any IPv6-only resources?

and why would anyone ever willingly deploy an IPv6-only resource if the vast majority of users will not be able to reach it?

until something breaks this stalemate how will IPv6 gain any traction?

Have you actually read what I wrote?

Posted Feb 1, 2011 15:18 UTC (Tue) by khim (subscriber, #9252) [Link]

why would anyone demand IPv6 until there are any IPv6-only resources?

Have you actually read what I wrote? IPv6 promised "end-to-end connectivity". You can use end-to-end connectivity for a lot of things besides accessing public IPv6-only resources. You can access your own resources: console in your living room, NAS with your collection of MP3s and videos, etc.

Sadly IPv6 in its current form cannot be used for this: there is no simple way to connect to the IPv6 network from behind multilevel stateful NAT (the cheapest and the most common version of Internet access available). Yes, you can use, for example, stunnel to reach some kind of bastion host and use said bastion host to enable access to IPv6... but why would you do that? If you've connected your console or NAS with the bastion host you can as well just connect directly to the bastion host without adding IPv6 to the mix!

and why would anyone ever willingly deploy an IPv6-only resource if the vast majority of users will not be able to reach it?

This is the correct question - and the answer is simple: it's OK if the resource is intrinsically designed to be only accessible by a very limited number of users. I've shown some examples above, but you can invent many other similar uses. Some of them will not use IPv6 for that anyway (for example for a lot of organizations it's better to deploy their own VPN because it's more secure), but some of them may do. For it to be useful you need some simple way of obtaining a connection to the IPv6 network - and currently all simple ways assume that the ISP will do that. And ISPs are the last persons to participate in such a plan.

until something breaks this stalemate how will IPv6 gain any traction?

Poorly, as we can see.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds