Organisations failing to migrate to IPv6

Migration to the new Internet Protocol version 6 (IPv6) standard is virtually non-existent, according to a year-long study released this week by network security firm Arbor Networks. Experts and governments have been encouraging organisations to migrate to the new protocol because the current 20 year-old IPv4 is fast running out of available addresses.

IPv4 addresses could in fact run out as early as 2010, according to Scott Iekel-Johnson, principle software engineer at Arbor Networks. The firm used data from over 80 of its ISP partners and customers to determine the amount of IPv6 traffic on the internet. Arbor Networks found that the proportions of IPv6 and IPv4 traffic has stayed roughly the same over the past year. The report also found that IPv6 traffic is still a tiny percentage of overall internet traffic. There were 6Mbps of IPv6 traffic by the end of July compared to 4Tbps of IPv4 traffic.

View: The full story @ vnunet

Report a problem with article
Previous Story

Nokia admits major Series 40 security problems

Next Story

AMD (ATI) Catalyst 8.8

35 Comments

Commenting is disabled on this article.

these "experts" have been saying that IPv4 addresses would run out years ago... now it's "as early as 2010." 2010 will come and go and then it'll be "as early as 2015."

Please remember that this is about mathmatical estimates. This is an issue that WILL happen! You are blowing this off like as if it's something that probably won't (or might not) happen. It will happen sooner or later as it's all about the numbers

I think the router in home networks is often a weak point. But an even weaker point is on the ISP side, where the ISP usually provides a ipv4 gateway only.

The edge router on the ISP end is often a weaker point than the home router. Every Linksys home router sold within the past two years (at minimum) supports IPv6 via the tunnel-broker method either directly or via firmware-swap (the same is true of their clones as well). Not ten percent, twenty-five percent, or even fifty percent, but one HUNDRED percent. My own Linksys router (WRT54GS) is actually three years old; however, the design dates back to 2003, and I have three different series of IPv6-compliant firmware choices (none from Linksys or Cisco, oddly enough). However, the weakness is at my ISP's end (it's not just Comcast, my current ISP; Verizon is even further behind in IPv6 compliance for residential customers than Comcast, despite FIOS and the largest GPON deployment on the planet), not mine (all three of my OS clients - Vista Ultimate, openSuSE 11, and OS X Leopard, explicitly support link-local IPv6).

Modern OSs configure link-layer IPv6 addresses for interfaces, depending on the mac address.. but for "singling-out" purposes, I would say.

Windows Vista sets up IPv6 and IPv4 on all the network connections by default. I figure my home will be ready for whenever my ISP makes the switch. My ISP is Qwest, so probably the day before they have to do it. I anticipate a lot of people with Internet downtime on the horizon.

Would it be possible for ISP's to switch to IPv6 however keep LANs IPv4??

This would solve the problem of the "easy to remember" thing...

Huh? Buy any router now and generally it will support IPv6 no problem. Enterprise gear has had it for years.

Plus most companies do hardware replacements every 3-5 years. Just brought a new Juniper firewall and a new SSL VPN device as well as replacing our Cisco router. All come with IPv6 support by default.

Sounds like another Y2K in the making. It should be pretty easy to make the switch, and that's what everyone's thinking. "It's easy so we'll just do it when it at the last second".

(Ricky Smith said @ #8)
My router supports IPv6 and I didn't pay much for it 250.00

You can also get a WRT54GL for $50 and throw openwrt/dd-wrt/etc. on it.

(japroach said @ #8.2)

You can also get a WRT54GL for $50 and throw openwrt/dd-wrt/etc. on it.

That's for support via the tunnel-broker method (the most common way to deploy end-user IPv6 today). Both DD-WRT and OpenWRT support this method (however, Tomato, the most common non-Linksys/non-Cisco firmware for WRT-type routers, does not). IPv6 support via tunnel-broker in routers is a lot less than $100, as most WRT-type routers (all the way back to the version 2.x WRT-54G/GL/GS, which is still found on a lot of retail shelves) support it via firmware swap. The issue I was referring to is support via other means than the tunnel-broker method. Native IPv6 support in the US (in fact, in North America) severely trails that of Asia (however, in Asia, the government-mandate method is responsible for forcing a lot of IPv6 deployment). I'm not saying that the mandate-method is either right or wrong; however, that's the way the data reads.

ok silly question i know but how d you assign a static ipv6 address and how would you remember what ipv6 address belonged to what machine on an ipv6 network ? thing with ipv4 is i can memorize all the static ips on my network and if i want to ping a machine i know the ipv4 address as its easy to remember. Ipv6 really isnt needed for the average home user

The big part of the problem is that there are no inexpensive edge devices that support routing IPv6. If you want to route IPv6 today, you have to set aside a computer to handle the task. Also, outside of Asia (where the demand for IP addresses is greatest), there's no real *push* for IPv6 outside of mandated conversions in governmental entities in Europe and North America. The support at the client level has been there for a few years (Linux, UNIX, Windows Vista, and OS X Leopard all directly support IPv6 today), but it's that vast middle area that still lacks IPv6 support (how inexpensive is the lowest-priced router from Cisco that supports IPv6, for example). In order for IPv6 deployment to fly, it

1. Has to be mandated, such as OMB is doing in the United States government

OR

2. It has to be something that can be done without it becoming a capex monster (corporate boards do NOT want big capex expenses, even if there are large bennies down the road; they don't want to take the chance of being lynched by their bondholders)

Right now, converting to IPv6 is not mandated, and is largely still monstrously expensive to do. Natually, corporate world is avoiding doing so as long as is feasible.

I know; nobody likes a mandate (I like the idea about as much as root-canal surgery). However, how do you get over not just antipathy, but *understandable antipathy* towards spending a major pile of money where none of the benefits are obvious, short-term or long-term, without it?

That's because not many ISPs are switching to assigning IPv6 addresses so no routers are being made that support IPv6 which means no NICS...

I tried an ipv6 tunneling (over ipv4). Everybody should be going for it.. not the tunneling but the whole ipv6. I found it to be reliable (I configured my local network as an ipv6 network aswell, using addresses asigned by the "tunnel broker". So all of them were 'external' ips even though they were behind a NAT in the ipv4 world. I had to configure one of the PCs as a router though)

My home network is IPV6. Vista uses IPV6 by default, so I didn't have to configure anything to make it IPV6.
I did setup my main system as a router -- now I don't need an external router/firewall box to connect all my other computers to the Web.
I am currently using PNRP to connect to my system from a remote location (instead of using any DNS providers like dyndns etc). However, I cannot access my system using an ipv6 address from a remote location.

Can you detail what you did for tunneling?

I did it several weeks ago so I can't remember exactly... but:

I got an IPv6 from a tunnel broker (www.tunnelbroker.net). I'm also allowed to allocate a /64 address range (most tunnel brokers do this too).

The Ipv6 over Ipv4 tunneling protocol IS built-in in vista, BSD variants (including mac os x) an dlinux. So I have to configure the tunnel, which consists of two ipv6 ends and two ipv4 ends. Since my end of the tunnel is behind a NAT, I have to give the IPv4 address of the router with the NAT, and then configure the NAT to forward all incoming "traffic 41" packets to MY local ipv4 address. Since my router configuration thingy didnt have the option to single out protocol 41 (as opposed to tcp or udp), I configured DMZ which basically forwards EVERYTHING to one local address.

Both ends of the ipv6 tunnel are an address from the /64 address range I was given. I used an "ping me from the outside" tool, and I discovered that ALL traffic to any of the /64 address was directed to MY end of the tunnel (obviously discarding those packets that are not destined to me). So what I did was configure vista (or linux) to NOT discard those packets. It was a bit tricky since I had to give MY computer yet ANOTHER ipv6 address (one for the network between the other end of the tunnel and me, and one for my local network).
So I had two interfaces: the tunnel one (a "non-physical" interface), and the local one (giving an IPv6 address to the ethernet interface). I had to alter window's routing table so that packages going to the local interface are sent out through that interface (otherwise the way it was configured it would have probably sent them out to the other end of the tunnel where they would be discarded). But this wasn't enough, I had to tell windows to FORWARD ip packets (this was a bit tricy, I couldn't find the damn option in the command line, hehe). On linux this bit was MUCH easier.
And then configure all the other computers from my local network, giving them an ipv6 address from my range, and set

The way it works, the other end of the tunnel forwards all traffict to that range of addresses to me. If the destination is my local network, it forwards the traffict through the local ethernet. Traffic generated from the local ethernet to the outer ipv6 world will be sent to my end of the tunnel, then the other end will route it as normal.
Oh, and you have to tell windows to respond to pings too, to check from the outside if the local network is "external" now. hehe

Tunneling 1Pv6 over IPv4 is a very kludgey solution. Yes, it actualy does works, and yes Vista supports it; it's just that everything would be a lot better if everyone was running with native IPv6 throughout the whole infrastructure.

I for one am not looking forward to a total migration to IPv6. At least IPv4 addresses are relatively easy to remember, no chance of that with an IPv6 address :(

However I realise it will be a necessary evil. Perhaps better PR is necessary. Maybe even some "the sky is falling!!" type TV adverts.

(TCLN Ryster said @ #1)
I for one am not looking forward to a total migration to IPv6. At least IPv4 addresses are relatively easy to remember, no chance of that with an IPv6 address :(

However I realise it will be a necessary evil. Perhaps better PR is necessary. Maybe even some "the sky is falling!!" type TV adverts.

IPv4 addresses were never intended to be "easy to remember", this is just a bit of a side-effect. But to be honest, do you really NEED to remember many IPv4 addresses? Perhaps for an internal LAN, maybe, but even then most routers have a page listing all connected clients and their corresponding IP's.

Well with DNS, theres little need to remember IP addresses I agree. Maybe it's just me, and I'm sadder than most, but I know all the IPs of all the servers at work, as well as the IPs for my web and database servers for my personal website.

(TCLN Ryster said @ #1)
I for one am not looking forward to a total migration to IPv6. At least IPv4 addresses are relatively easy to remember, no chance of that with an IPv6 address :(

However I realise it will be a necessary evil. Perhaps better PR is necessary. Maybe even some "the sky is falling!!" type TV adverts.


Well, I don't think it is terribly difficult to remember when you have 0's in certain places.

0000:0000:0000:0000:0000:0000:0000:0001 = ::1 (loopback; correponds to IPv4 127.0.0.1)

834f:047d:0000:0000:bc91:0000:0000:5662 = 834f:47d:0000:0000:bc91::5662

There shouldn't be any reason to memorize the IPv6 addresses anyway. Write them down and keep them in a safe spot! ^_^

(TCLN Ryster said @ #1)
I for one am not looking forward to a total migration to IPv6. At least IPv4 addresses are relatively easy to remember, no chance of that with an IPv6 address :(

However I realise it will be a necessary evil. Perhaps better PR is necessary. Maybe even some "the sky is falling!!" type TV adverts.

I've had the local university's public DNS server's IP address memorized for years now. In retrospect, because of cell phones and contact lists, i don't have any phone numbers memorized.

(rpgfan said @ #1.3)

Well, I don't think it is terribly difficult to remember when you have 0's in certain places.

0000:0000:0000:0000:0000:0000:0000:0001 = ::1 (loopback; correponds to IPv4 127.0.0.1)

834f:047d:0000:0000:bc91:0000:0000:5662 = 834f:47d:0000:0000:bc91::5662

There shouldn't be any reason to memorize the IPv6 addresses anyway. Write them down and keep them in a safe spot! ^_^


That's only the case where the IPv4 and 1Pv6 numbers are equatable. Remember, IPv6 has a larger total maximum address space than IPv4, and so there are IP number (very many IP numbers) that can only be correctly expressed in the IPv6 format. It's like the difference between a 64-bit bus and a 32-bit bus: You could still run 64-bit bus in 32-bit mode (well, theoretically) but there's just no way to run a 32-bit bus in 64-bits.

Right now, for the sake of full bi-directional interoperability between IPv6 and IPv4, the IPv6 hardware is mostly limited to those address ranges that are backwards-compatible with the IPv4 system. However, you are going to see more and more IPv6-only sites.. and sooner than you might think. China and the asia-pacific region are way ahead of the rest of the world when it comes to IPv6. We really need to get the infrastructure in place if we're going to catch up and not be left behind.

What I want to know is, out of those ISPs that only run IPv4, how many have the IPv6-capable hardware in. I'm hoping that it's the majority, because if it's not there is going to be an unpleasant crunch-time coming up. It's not that I'm afraid of IPv6, it's just that I'm afraid that some of our corporate CEOs are eithier ignoring the issue or are just ignorant about it.

Well apparently commercial/business-grade hardware has been IPv6 compliant for years now so I don't think ISPs will have much to actually upgrade, at least hardware-wise. It's getting their clients to switch over that's going to be the tricky part.