IPv6 Ignorance

I came across these threads today; the blind ignorance towards IPv6 from
some of the posters is kind of shocking. It's also pretty disappointing
if these are the people providing internet access to end users. We focus
our worries on the big guys like AT&T going IPv6 (which I'm sure but
they're slow), but these small operators are a much bigger problem.

http://forum.ubnt.com/showthread.php?p=355722

http://forum.ubnt.com/showthread.php?t=53779

~Seth

Wow... my brain hurts after reading that. The saddest part is, there are folks with IPv6 allocations that simply refuse to implement dual stack.

--John

I think Owen's head may explode if he reads it.

~Seth

Agreed. I'm dual-stacked at work, and things work just fine. The only gripe I heard when dual-stack was turned on was that some sites were a bit slower to respond, because some OSs were trying to resolve DNS requests serially. Beyond that, smooth sailing...

jms

There are some pretty impressive quotes there to take away ..

>"We are totally convinced that the factors that made IPv4 run out of addresses will remanifest >themselves once again and likely sooner than a lot of us might expect given the "Reccomendations" for >"Best Practice" deployment."

If I am understanding this quote correctly the author is worried IPv6 will run out of addresses so won't make the switch... Granted only 1/8th of the IPv6 space has been allocated for internet use but that number is still so mind-boggling _huge_..

But what does worry me is a lot of peoples inability to future proof themselves, it seems a lot of people would rather wait until its too late or things are falling apart and react rather than protectively getting a migration or even support package in place in-case v4 just "stops working". And by "stops working" I mean some big service provider decides to shoot itself in the foot and just switch off IPv4 support for their services, not likely to happen any-time in the near future but still a possibility.

-- mitch

You will always have someone who doesn't understand. But every network operator should have a sense of responsibility to learn IPv6 and implement dual stacking. To be honest, in 2004/2005 I decided not to dive into IPv6 heavily but everyone has a "wake up" call. All we can do is keep stressing the urgency to implement IPv6 period. Not all UBNT users have a want to implement IPv4.

Considering, that its easy, simple, affordable wireless gear. The result, pretty much anyone wanting to start a WISP and make money with none to little network experience, let alone the responsibility period to implement BCPs or follow RFCs. Further, most o f the users that use UBNT gear, IMHO mostly have space from their upstreams and not PI. Although, is probably a small point but it still adds to the IPv4 table end of day.

I'd have to say there are moderators and users pushing IPv6 on the forum. It was a good move for UBNT on the latest release of firmware. So, I guess that's the "wake up" call those operators using UBNT (not IPv6 already) needed. But then again you will have those that say "if it ain't broke, don't fix it".

Otis

It was brought to my attention that the second link isn't open to the
public, sorry about that, I forgot to check them in a separate browser.
The attitudes are the same though.

~Seth

We should support dual stack, as someone may stop supporting
IPv4 in addition to IPv6, because dual stack costs so much.

            Masataka Ohta

Let me shed some light here..... (Being familiar with both communities... Nanog and WISP's )

WISP's are a very special breed of folks. There are a few common attributes that one has to recognize about them.
1. Most WISP's are not Technical Folks. (Most of them are Farmers or from other totally non-technical fields).
2. Most of them became operators not because they wanted to or it made business sense. but simply because there was not Service available in that area.
3. They are very hardworking, innovative group, but at the same time they are also a bit on the 'eccentric' side when comes to technology, and understanding technology.
4. Most of them have outsourced folks managing their networks. (these folks are very qualified and familiar with networking)

So, in contrast, while NANOG community is full of folks who develop / write RFC's for Global networks, WISP community is mostly Rural folks who were forced to 'piece a network' together because no-one would serve them....

Don't be alarmed by the discussion on UBNT list or any other WISP list.....Most WISP's are typically very small network operators (sub 500 subscribers, there are some large ones too but their opinions and technical understanding is very different.) and tend to setup their network the 'Easy way'.... You will find them to be about the very last folks to adapt IPv6...(to make my case and point .... A lot of them are still running Bridge Networks, and just starting to convert to Routed Networks). They are not known for Leading Edge network operators with the exception of when it comes to 'Wireless Radios'.

A lot of them are very comfortable with using Private IP's and NAT to provide service to their customers.

Worry about them .... No need.
Need for Education on IPv6 ... Absolutely Yes.... We all can use as much as we can get.
And, we all are also hampered by IPv6 support / or lack of it, from the equipment mfg. that we are using in our networks.

Hope this makes sense.

Faisal Imtiaz
Snappy Internet & Telecom

Very good points. Having been in the WISP industry for more than 10 years
now. I know WISPs who have thousands of customers and only 1 or 2 class C
addresses. The need for public routable IP addresses is not that much of
a concern for them. Plus, a good majority of WISP equipment does not
support IPV6.

  Sure a WISP is technically an ISP but, like Faisal says, its a much
different business.

  Justin

I would suggest it's irrational thinking resulting from negative
experience with IPv4.
The rate of IPv6 exhaustion depends on how the resource is managed,
and the method of resource management can change, if the rate of
consumption is higher than expected.

There is not a coherent credible mathematical argument for exhaustion
risk of IPv6 that has been made, you would have to make assumptions
about what resource management policy and demands will be now and in
the future, and there are no published models of IPv6 consumption
i've seen.

Anyways, if it becomes a problem in the future, there would be plenty
of time to create a new protocol, or using an existing protocol using
NSAP addresses. Right now, IPV6 is the coherent option we've got.

It's not reasonable to infer IPv6 suffers the same address shortage
problem within 100 years, until there is a coherent model. We have
not even heard about 48-bit MAC addresses being on the verge of
exhaustion yet, obviously because there is no apparent danger for the
forseeable future, and IPv6 has 64 bits available for network
identification and 128 bits available for host identification.....

If I am understanding this quote correctly the author is worried IPv6
will run out of addresses so won't make the switch... Granted only 1/8th
of the IPv6 space has been allocated for internet use but that number is
still so mind-boggling _huge_..

I would suggest it's irrational thinking resulting from negative
experience with IPv4.

IPv6 has its problems, but running out of addresses is not one of them.

For those of us worried about abuse management, the problem is the
opposite, even the current tiny sliver of addresses is so huge that
techniques from IPv4 to map who's doing what where don't scale.

R's,
John

PS: For anyone planning to suggest that we just ignore the low 64
bits, that doesn't help.

IPv6 has its problems, but running out of addresses is not one of them.
For those of us worried about abuse management, the problem is the
opposite, even the current tiny sliver of addresses is so huge that
techniques from IPv4 to map who's doing what where don't scale.

Well, in IPv4... NAT broke it, because networks implementing 1:many
NAT could no longer easily identify what host was responsible for
abuse.

What do you mean by suggesting IPv4 abuse management
techniques to map whose doing what, where do not scale to
IPv6's larger address space?

There's no reason you can't provide accurate WHOIS
information with the larger address space..

IPv6 has its problems, but running out of addresses is not one of them.
For those of us worried about abuse management, the problem is the
opposite, even the current tiny sliver of addresses is so huge that
techniques from IPv4 to map who's doing what where don't scale.

Well, in IPv4... NAT broke it, because networks implementing 1:many
NAT could no longer easily identify what host was responsible for abuse.

I realize that's a problem in theory, in practice it's not because it's still rare to have interestingly different hosts behind a single NAT.

What do you mean by suggesting IPv4 abuse management techniques to map whose doing what, where do not scale to IPv6's larger address space?

Large networks keep separate reputation for every address in the IPv4 address space based on the traffic they send. You can't do that in IPv6, particularly since hostile bots can easily hop around within a /64, which is bad news if that /64 also has some legit hosts.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

Large networks keep separate reputation for every address in the IPv4
address space based on the traffic they send. You can't do that in IPv6,

That's true, but not an intended system for identifying and reporting abuse,
and the same idea occurs with IPv4 -- bots can just grab other IP
addresses in the subnet,
if there are not local protections in place to ensure a host cannot
ARP an IP that is not assigned to it...

So keep track of reputation of legitimate hosts instead of
"non-legitimate" hosts.
Maintain negative reputation at a /64 or shorter prefix level, and favorable
reputation at a /128 level.

If you have abuse detected on a /64, then treat the entire /64 as
having a damaged
reputation, except for the /128s on the /64 that have a prior
positive reputation.

The identical thing cannot be done with IPv6, but reputation systems
are still possible.

IPv6 has its problems, but running out of addresses is not one of them.
For those of us worried about abuse management, the problem is the
opposite, even the current tiny sliver of addresses is so huge that
techniques from IPv4 to map who's doing what where don't scale.

Well, in IPv4... NAT broke it, because networks implementing 1:many
NAT could no longer easily identify what host was responsible for abuse.

I realize that's a problem in theory, in practice it's not because it's

still rare to have interestingly different hosts behind a single NAT.

What do you mean by suggesting IPv4 abuse management techniques to map

whose doing what, where do not scale to IPv6's larger address space?

Large networks keep separate reputation for every address in the IPv4

address space based on the traffic they send. You can't do that in IPv6,
particularly since hostile bots can easily hop around within a /64, which
is bad news if that /64 also has some legit hosts.

Of course, as soon as CGN (or LSN or NAT444) is added to IPv4 the same
problem exists in practice as well as theory. So old practices will have to
be improved and replaced regardless.

[ yes, there are a lot of idiots out there. this is not new. but ]

"We are totally convinced that the factors that made IPv4 run out of
addresses will remanifest themselves once again and likely sooner than
a lot of us might expect given the "Reccomendations" for "Best
Practice" deployment."

while i am not "totally convinced," i am certainly concerned. we are
doing many of the same things all over again. remember when rip forced
a homogenous, often classful, mask length in a network and we chewed
through /24s? think /64 in ipv6, except it's half the bits not 1/4 of
them. remember when we gave out As and Bs willy nilly? look at the
giant swaths of v6 we give out today in the hopes that someone will
deploy it.

and don't bs me with how humongous the v6 address space is. we once
though 32 bits was humongous.

randy

No we didn't .

Mike

and don't bs me with how humongous the v6 address space is. we once
though 32 bits was humongous.

[snip]

When you consider that IPv6 is a 64-bit address space, that is 64
bits are for addressing subnetworks, the "/64 spend" for
addressing hosts within a network as compared to v4 is 0%, not
50%.
And there are twice as many IPv6 bits for addressing such /64s, as
the entire IPv4 address space.

2^64 minus 2^32 is a humongous number indeed, and we know
numerically just how humongous it is.

The RIRs can collectively hand out 450 /32s a day or one /24
and one /25's worth a day, for the next 100 years, before a single
/8 would be exhausted.

And if IPv6 addressing resources last 100 years, I would say, that
the objective was more than met.

Giving out a /48 to every person on earth uses approximately 2^33 networks, meaning we could cram it into a /15. So even if we have 10 /48s at home from different providers, we're still only using a small fraction of the first /3. If we get this wrong, we have several more /3s to get it right in.

You already know this, and I can't really believe that people sat down in the 70ties and 80ties and said "there is never going to be more than 128 large corporations that need a /8 in IPv4" ?

I start to get worried when people want to map 32 bits into IPv6 in several places, for instance telling all ISPs that they can have a /24 so that we can produce IPv4 mapped /56 to end customer, and make this space permanent. Temporary is fine, permanent is not.

So I agree with you that there is still a risk that this is going to get screwed up, but I don't feel too gloomy yet.