Why Hasn't Everyone Moved To IPv6?

We've known for decades that the available pool of IPv4 addresses was eventually going to dry up, but despite numerous warnings, usage of its successor IPv6 is still minimal. Why haven't we migrated yet? Geoff Huston, chief scientist for regional internet registry APNIC, suggests that the answer is that carriers are too cheap to make the switch and are happy to rely on network address translation (NAT) systems instead.

In a presentation at Linux.conf.au in Canberra yesterday, Huston pointed out that despite the fact that allocation of IPv4 addresses is now effectively frozen, uptake of IPv6 has been very slow. "At the moment, there's very little IPv6 out there," he said, citing measurements that suggest active usage below one per cent. "Most of the world is capable of running IPv6 but doesn't."

Rather than rebuilding their systems, carriers have favoured using NAT instead, which effectively allows multiple devices to use the same IP address, with the NAT equipment determining which address needs to go where. "Almost everyone now in the mobile part of the world uses carrier-grade NATs and increasingly this is happening in the wired world as well," Huston said.

It's a messy solution and one with several limitations: you can't readily access HTTPS content, for instance. However, it's much cheaper than acquiring new hardware. Huston estimates the cost at $40 per user per year, and that figure continues to drop.

So what happens if you want to build a new data centre and need a fresh block of IP addresses for that purpose? Effectively, you have four choices. APNIC might be generous and offer you a small block of 1024 IPv4 addresses from its remaining pool, but that's not guaranteed and it may not be sufficient. You can try to build an all-IPv6 centre, but many equipment manufacturers haven't made the switch yet. As Huston puts it: "Go to a vendor and say you want dual stack equipment and they will laugh at you."

You can try and buy IP addresses from existing owners, but despite predictions of price gouging Huston says the secondary market remains relatively undeveloped so far: "It's not a market, it's just a bunch of people playing around."

The biggest pools of addresses are now owned by large telecommunication companies. "There are no more small-scale ISPs any more," Huston observed. "This industry has agglomerated like crazy." Finally, you can use NAT, which now appears to be the default choice.

Huston noted that while IP technologies have been adopted by carriers, that didn't happen without a struggle. "When you look at the Internet, you in some ways see a story that exists despite the telephone companies."

The challenge now is in updating the network hardware. Modern operating systems all support IPv6, as do most newer phones. "Considering how fast we cycle through technology, most of the stuff out there talks IPv6," Huston said. However, that doesn't help if the equipment those devices connect to doesn't use the newer protocol.

In Australia, the only ISP offering IPv6 by default for new connections is Internode, and none of the mobile carriers offer it. "That's why the numbers are so shit. None of the providers in the last mile are willing to take the punt," Huston said.

End users might not care how their IP addresses are assigned, but an internet based largely on NAT systems would completely eliminate network neutrality, Huston suggested. "A carrier-grade NAT is like a toolbox. The access provider has visibility to the traffic, and the rationing model changes."

"Once we've exhausted IPv4 addresses there's no such thing as end-to-end anymore. All of your traffic is pulled apart and sometimes the content is changed. All of a sudden, openness doesn't exist any more. This whole idea of permission-less networking is over if the network is ridden with middleware and with folks whose economic incentive is to restrict the edge because they want their money back."

For Huston, the biggest issue is that the resistance to IPv6 might signal a move away from the open standards-based world that the internet has heralded, returning us to the state of technology three decades ago. "Back then, everything was proprietary. It was a closed world. We never see much of that any more, apart from the iPhone which is a resurgence of the same thing. This is a world which is dominated by openness, but how fragile is this? Will it last?"

"What we've really done is shut down the last 10 years of fascinating, mind-boggling marvellous innovation and replaced it with crap. It's time to think about this and choose very carefully."

Lifehacker's World Of Servers sees me travelling to conferences around Australia and around the globe in search of fresh insights into how server and infrastructure deployment is changing in the cloud era. This week, I'm in Canberra for Linux.conf.au, paying particular attention to the systems administration mini-conference and sessions on virtualisation and best practice.


    As the diagram clearly indicates - we have an IPv4 past and an IPv6 future, but nothing for the present...

    Where's the migration path? Do we have a roadmap? What is our interim solution? What is our friendly government doing to assist or regulate the change?

    No wonder it's stuffed.

      The interim solution is dual stack hardware or interop tunnelling like Teredo or 6to4. There's enough there to ensure stable operation during the changeover, the only thing holding back transition is the cost of equipment. ISPs and infrastructure owners have already forked out millions for high end IPv4 network hardware, they're reluctant to fork out for IPv6-compatible replacements.

      As for the government, they've proven themselves incompetent when it comes to technical details about information technology. Why you'd want them involved is beyond me - if they stuck their fingers in, the process would never happen.

        The issue of the cost of new equipment sounds like a fine argument for implementing certain things in firmware (or even FPGAs) instead of permanently etched silicon. Oh well, too late now.

          Agreed, but it wasn't a consideration when much of the existing infrastructure was designed. There's a lot of (technologically) old hardware in important places, unfortunately.

    Telstra do love their use of NAT on 3G sims. It will be hard for them to let go because it allows them to push their IP WAN products that give private 3G cards with static IPs.

    Yes you can get a dynamic IP on Telstra sims if you get the codes added to your account to be able to use the telstra.extranet APN, but they don't like you using that service and most at Telstra don't even know it exists.

      NAT isn't impossible in IPv6, and can still be used for keeping details of an internal network private if necessary. It's just that IPv6 is preferable to using NAT to deal with the lack of available addresses, because NAT is a hack that ruins the end-to-end nature of IP.

        There are plenty of ways to keep the internal details of your IPv6 network private (split horizon DNS, port blocking in a firewall, etc) without implementing NAT66. The ONLY reason for NAT44 was to extend the lifetime of the IPv4 public address space another 10-15 years while we got IPv6 going and ready for prime time (it is). Those 10-15 years ended in 2010. APNIC ended normal allocation of IPv4 on 15 April 2011 and RIPE on 12 Sep 2012. Others will inevitably follow. IPv4 is End Of Life. The core routing tables are exploding now that we are carving up blocks into tinier and tinier pieces, each requiring a route. CGN is breaking more protocols than NAT44 did. VoIP, IPsec, P2P, multiplayer online games, etc. All work better without NAT in the way. Multicast never worked well in IPv4. Mobile IPv4 was a joke. These work great in IPv6. THERE IS ABSOLUTELY NO NEED FOR NAT66 (the IPv6 address space is already plenty large, thank you very much). An argument can be made for NAT64 (and maybe even NAT46) but no one has been able to make these work even halfway right (it has all of the problems of NAT44 plus new really nasty ones due to different semantics between the two stacks). It's better to do translation at Layer 7 (this works great - we're doing it now - you just need a proxy for each protocol to be translated). I keep running into recalcitrant Jurassic network engineers at IPv6 talks that insist THEY are going to deploy NAT66, whether anyone needs it or wants it, because that's the only world they know. I swear I'm going to kill one of them someday, right during the Q&A session.

        There are no "private" addresses comparable to RFC 1918 IPv4 addresses to hide behind a "public" IPv6 address. There were at one point (site local) but those have been deprecated (too many problems, just like RFC 1918 addresses - also no need for them). There is no way to map an external public address to/from ULAs - those are to have a common non-routable address set across multiple sites in a single organization (which is linked via IPsec VPNs). NAT DOES NOT INCREASE SECURITY. Access restriction is done via closing ports in firewalls or using a proxy based on address and/or port, or in the app (reject some connections based on IP address, etc). NAT actually makes security more difficult (ever have to add a proxy ARP for BINAT on an IPv4 firewall - you don't need to do that with IPv6!)
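
The address classes named in the comments above (RFC 1918, carrier-grade NAT shared space, ULAs, deprecated site-local, 6to4 and Teredo) can be told apart mechanically when triaging logs. The following is an added example, not part of the original article or its comments; the `src=` log format, the function names and the sample lines are assumptions, and the 100.64.0.0/10 CGN range comes from RFC 6598 rather than from the page.

```python
import ipaddress
from collections import defaultdict

# Ranges the commenters name; prefixes are from RFC 1918, 6598, 4193 and 3879.
RANGES = [
    ("rfc1918-private", "10.0.0.0/8"),
    ("rfc1918-private", "172.16.0.0/12"),
    ("rfc1918-private", "192.168.0.0/16"),
    ("cgn-shared", "100.64.0.0/10"),        # space between customer and carrier-grade NAT
    ("ula", "fc00::/7"),                    # IPv6 unique local addresses
    ("site-local-deprecated", "fec0::/10"),
]
NETS = [(name, ipaddress.ip_network(cidr)) for name, cidr in RANGES]

def classify(text):
    """Return (category, embedded IPv4 or None) for one address string."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6:
        if addr.sixtofour is not None:      # 2002::/16 carries the site's IPv4 address
            return "6to4", str(addr.sixtofour)
        if addr.teredo is not None:         # 2001:0::/32 carries server + mapped client
            _server, client = addr.teredo
            return "teredo", str(client)
    for name, net in NETS:
        if net.version == addr.version and addr in net:
            return name, None
    return "other-ipv%d" % addr.version, None

def triage(log_lines):
    """Group the 'src=' addresses from log lines by category."""
    groups = defaultdict(list)
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        category, embedded = classify(fields["src"])
        groups[category].append((fields["src"], embedded))
    return dict(groups)

# Constructed sample log lines (documentation and example addresses only).
SAMPLE = [
    "t=1 src=100.64.12.7 dport=443",
    "t=2 src=2002:c000:204::1 dport=22",
    "t=3 src=2001:0:4136:e378:8000:63bf:3fff:fdd2 dport=22",
    "t=4 src=fd12:3456:789a::5 dport=53",
    "t=5 src=2001:db8::10 dport=443",
]

if __name__ == "__main__":
    for category, hits in triage(SAMPLE).items():
        print(category, hits)
```

For 6to4 and Teredo sources the second tuple element is the IPv4 address embedded in the IPv6 address, which is the one to correlate against IPv4 firewall and NAT logs.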

    The IPv4 transfer market is the other side of the coin for IPv6 adoption - it helps companies avoid spending money on NAT ahead of IPv6 deployment. There should be some interesting discussion around the market at the upcoming North America IPv6 summit in Denver...

    All equipment has to be replaced eventually, either because it's no longer cost-effective, or because it's holding back performance or market competitiveness. So, I'm assuming it's only a matter of time [?] before the old IPv4 equipment is gradually replaced.

    The problem right now is that nobody has any experience with running large scale IPv6 networks. There is a lot of "operational experience" needed to make sure these systems work as designed under load. Couple of places are trying to share information about IPv6, for example the gogo forums and the SANS Internet Storm Center has an IPv6 "Focus Month" coming for March which should be interesting.

    While what you say may be true in developed countries, I'm in Latin America. I just finished giving a week of instruction on IPv6 to the local Technological University professors that teach networking. They haven't been teaching IPv6 because they didn't know it (heard about it, but didn't actually know how the protocol worked). That means the techs in the field here don't know how to deploy it, so ISPs couldn't deploy it even if they wanted to (and it appears they don't want to -- which they don't). Hopefully, in a few years, techs that can spell IPv6 will be in the field here and be able to deploy it when the time comes (although that time is now).
    I'm afraid NAT will be around for a long time to come. A very grim present indeed.

    So you want a unique identifier placed on every individual? Just think about it..................

    IPv6 headache ... Anyone can get an IPv6 address, and FREE as it is illegal to sell, but the snag is that it is like a domain with 64000 addresses - this is good for corporations. The problem is how to granulate it further (they are working on it I hope) so a person gets say 8 last bits of the address to use in his "little home domain", 255 addresses for refrigerator, coffee maker, dogs and cats, tablets, PCs, your movie or music streaming NAS, and whatever ... IPv6 gives more than 1000 addresses per square meter of Planet Earth.
    The modern cars do have IPv6 addresses assigned by the car manufacturer so they can communicate with the vehicles all over the World (if there is WiFi publicly available, Australians dream). It is a brilliant solution ... on the built-in LCD panel the manufacturer tells the driver that engine, brakes or ??? needs servicing, and tells the address of the nearest service station. Upon arrival service gurus already know where the problem is - it saves money for owner and service station.
    Ha, even further, one can get a message from the washing machine manufacturer that there is something wrong and a guru will come to fix it. With your internet connected bracelet your doctor sends you a message that you need to get to hospital ASAP as you are near a heart attack.

    The future looks exciting and grim at the same time ... I am not sure if I want to be connected 24/7/365 .... I still would love to have my "little domain"
