Productivity

Internode's Simon Hackett Explains Why Moving To IPv6 Should Not Cause Panic


We’ll soon have exhausted all the available IPv4 addresses, but that doesn’t mean that everyone needs to freak out or buy new routers before the year is out. Lifehacker sat down with Internode founder Simon Hackett to get the inside track on why most Australians don’t need to worry about the IPv6 issue for another decade.

Quite aside from the fact that Internode is the favourite ISP of Lifehacker readers, Hackett’s insights are worth having because Internode has been running its own IPv6 network trial for customers over the last 18 months, and expects to have new customers connecting using IPv6 rather than IPv4 by the end of the year. We’ve covered the basics of why we need to change, but how does that work in the Australian context? Here’s what Simon told us:

What will happen as the IPv4 address supply dwindles: “Rather like peak oil; there’s running out and there’s getting too expensive to mine, and they’re different. It’ll take a long time before they run out, but what will happen is they’ll get more expensive. It’s not what the people that drive these standards want to have happen: in principle, IP addresses aren’t supposed to be tradeable. In practice, welcome to the real world. There’ll be a point where if you’re a big American provider who has run out of addresses and is lazy, you’ll go find a little guy that got a stack of class Bs and buy them. There are ways you can trade them without trading them.

“The real point is that what’s running out is the capacity for new customers to gain an IPv4 address, not for existing customers to hold on to what they have. So the surprising answer may be about what an existing customer has to do is: really, if you’re not in a hurry, you’ve probably got about ten years to care because the IPv4 Internet isn’t going away, it’s just everyone is adding an IPv6 head to what they do in parallel. If you’ve got a genuine IPv4 address, there’s no sense of urgency.

“The thing about IPv6 is to give someone the ability to get a native IP address when we can’t allocate any new IPv4 ones. We’ve got years’ worth of IPv4 at our current growth rate in our own pools because the last allocation we got turned out to be big enough and corresponded to the Australian industry starting to saturate, in the sense that today most people who want a broadband connection have got one. If you’re nicking a customer from someone else, chances are they need one back from you and you’re just swapping. There’s actually less of an emergency than it looks. It’s more about being ready for this so when it matters it’s not an emergency.

“In a lot of ways, IPv6 is driven by countries other than Australia. It’s about places where there’s growth rate putting a higher stress on it. We want to be a technology leader here, but China needs billions of these addresses straight away and doesn’t want to stick them all behind a single NAT (network address translation) gateway. And even if there is a NAT gateway, they need an allocation core that’s huge.

“The reason why it’s hard to make the shift immediately is that the presumption of a IPv4 address is so wired into everything. It’s the bootstrap mechanism to get onto the net, which kind of assumes IPv4 is there It’s going to take years to wean people off that, and in the presence of carrier-grade translation systems, probably no-one will ever bother weaning themselves off it. It’ll be there, but just enough to do that bootstrap and then all the work you do will be in IPv6.”

What Internode has learnt from its own internal trial: “We IPv6 enabled our backbone in mid-08 and started doing the current trial of dual stack access for customers that are interested about 18 months ago. The reason that it’s still called a trial is that we haven’t completely embedded it into all of our production systems to the extent that we want to take the word trial off it. It’s really about saying to our customers that address is going to change once and then after that that should be it. Technically in terms of the packets going back and forth it all works perfectly well.

“Over the remainder of this calendar year we are planning to go from IPv6 optional to IPv6 being on by default. If something bad happens you can use a toolbox setting to turn it off again. The routers we’re selling are all capable of IPv6 — although the firmware builds are still emerging in some cases — so they’ll be out there. Today you turn on IPv6 explicitly with us; what will happen is it will be on and you will be able to turn it on and off with the toolbox setting, rather than changing your login details. You’ll need to turn it on in your router and turn it on in the toolbox and it will just go.”

How starting early has helped router vendors: “We’ve discovered in the process that we are very early in the game and we’re earlier in the game than you’d think would be reasonable given that vendors have had a long time to do this. In the next week or two we’re going to transition to the points where our production LNSes — the things that are at the other end of the PPP connection — are doing this directly. Right now we have an offboard set of them running trial code that do this stuff in Sydney and Adelaide, but we’re going to go within a couple of weeks to the point where the place where your IPv4 connection ends in our network is the place where the IPv6 one does.

“It’s been a chicken and egg thing getting started: we’ve got vendors of CPE (customer premises equipment) to realise that we’re serious and now they’ve become serious. The FRITZ!Box we’ve just launched and also Billion and NetComm and several others either have IPv6 code out there as standard or are on the verge of it. NetComm are a great case in point. They literally called us and said ‘so we’ve been running your trial for a few months and we think we’ve got some working code — what do you reckon?’ It was a good catalyst to have done that because they finally had a place to test it that was real world and not their own labs.

“Our network guys have had to go through a surprising amount of introspection about how to make this work because while the standards are old, what isn’t old is operational practice in using them. There are questions around things as fundamental as: how does our end give your end an IP address? It turns out that, rather like VHS and Beta, the guys that came up with the ideas in the first place couldn’t help themselves and there’s two ways to do that. So there’s two right answers except that it helps if you’re both using the same right answer.”

Why mobile phones will drive the transition: “It turns out that the real catalyst for these issues is mobile devices. This iPhone I’m holding is IPv6 capable now, and if I’m at home on a IPv6 Internode connection, it all works. So mobiles change the equation. Frankly, for the average happy kid walking down the street who wants to access the interwebs with their mobile phone, if Twitter and Facebook and Google are IPv6-enabled, 98% of what they think the problem is has gone away. Guess what? They are, now. So if your phone only does IPv6, the Internet you see already gives you access to all the bits that keep you happy and that your average teenager wants.

“So if a big US provider makes that shift with their phones, it creates an enormous pool of incentive for others to convert their sites to IPv6 or they won’t get the same crowd visiting their sites. It will be the first few big US mobile providers who can’t get a big IPv4 block for the next 10 million users but who can get an IPv6 block that will drive the change.”

What does all this mean for the average customer?: “The big topic is: so I’m a user, what does it mean to me? The answer is: if we do our job right absolutely nothing. It’s extremely unexciting but the truth, and it’s the reason why providers and the IETF have had trouble getting take-up for IPv6. For an ISP, it’s a cost, not an income source. It’s a risk mitigation factor for a risk that keeps being malleable about exactly when it happens. Big busy ISPs in general get very tied up with what today’s problem is and if that’s not today’s problem, it doesn’t matter.

“It feels like this year we’ve gone through a real tipping point. The CPE vendors are doing it, it’s actually happening, and there’s been that official announcement of the impending doom of IPv4 which has got everyone believing that it’s real.

“The hope is to do it so seamlessly that you never have the conversation with the mythical average customer. They just plug their router in, they get their interwebs, and it all works. Any gap to that seamlessness in some sense means we haven’t done our job right. I’ve been doing IPv6 at home for months and I can’t point to a scenario where something has gone wrong, but 18 months ago that wasn’t true The stacks in Windows and Mac systems have had to get better about seamless failover when you try with IPv6 and it fails to then trying IPv4. It’s got dramatically better, because everyone is taking it seriously now. When the failover doesn’t work the right way, what happens is you see a big delay before a web site comes up. But that’s the worst of it, and it’s a good situation.

What do site developers and security companies have to do?: “There’s another piece of work to do here. Everyone presenting content needs to turn on IPv6 on their web servers. The good news is that’s easy. You really do need just to get brave and turn it on.

“CPE vendors need to realise that their customers don’t give a damn about this generally, and so firewall settings on a router need to work simultaneously in IPv4 and IPv6 so you don’t get a disparity. There’ll be a period here where the black hats start using IPv6 to break into systems, because all the old security bugs are new again. We just have to survive that.”

“Getting people to run their content on IPv6 improves the chances of that seamlessness, and at some point in the future you wind up with IPv6 in the majority, but I think it’s going to be 10 years from now. It’s going to be a gradual process. It has to be.”