Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Networking The Internet The Military United States Technology

Military Pressuring Vendors On IPv6 406

netbuzz writes "US military officials are threatening IT suppliers with the loss of military business if they don't use their own wares to start deploying IPv6 on their corporate networks and public-facing Web services immediately. 'We are pressing our vendors in any way we can,' says Ron Broersma, DREN Chief Engineer and a Network Security Manager for the Navy's Space and Naval Warfare Systems Command. 'We are competing one off against another. If they want to sell to us, we're asking them: Are you using IPv6 features in your own products on your corporate networks? Is your public Web site IPv6 enabled? We've been doing this to all of the vendors.'"
This discussion has been archived. No new comments can be posted.

Military Pressuring Vendors On IPv6

Comments Filter:
  • Say it! (Score:4, Funny)

    by Anonymous Coward on Monday December 20, 2010 @07:20PM (#34623174)

    Say you love IPV6, damn you! Say it!

    • Re:Say it! (Score:5, Insightful)

      by c0lo ( 1497653 ) on Monday December 20, 2010 @08:52PM (#34623988)
      I never thought I'll be agreeing with the idea of "army applying pressure" would bring anything good... until now.
      (note to myself: seems like I'm growing old faster than I thought).
  • Well (Score:5, Insightful)

    by zero.kalvin ( 1231372 ) on Monday December 20, 2010 @07:24PM (#34623212)
    I'll be pretty suspicious if Steve jobs tried to pitch me a mac while he is running fedora on his personal laptop. Point taken, good job I suppose.
    • Re:Well (Score:5, Insightful)

      by ushering05401 ( 1086795 ) on Monday December 20, 2010 @07:38PM (#34623372) Journal

      Yeah, good job and more please.

      Whoever writes the speeches @ 1600 Penn ought to make sure this one at least gets some lip service. While not a big deal for the general public, it is something that shows some common sense due diligence and proactive thinking from a widely vilified branch of our Federal machinery.

    • by adavidw ( 31941 )

      Well, Steve Jobs spent at least a few years pitching macs while running NextStep on his personal ThinkPad (1998 to around the time of OS X release in 2001). Not quite the same, since NextStep in a way represented the future of the product. But still, there's no better to way to reinforce the perception that the current direction of the company is a dead end than for the CEO to not use the company's products.

  • by Anonymous Coward on Monday December 20, 2010 @07:24PM (#34623214)

    Based on current rates of growth and industry trends, how long will it be before the IPv6 space is exhausted? Given how hard this transition is, would it be better to go directly to IPv8 or some kind of variable-length scheme?

    • Re: (Score:2, Funny)

      by TheDarAve ( 513675 )

      640k of address space should be enough for anyone.

      • by owendelong ( 614177 ) on Monday December 20, 2010 @10:36PM (#34624520) Homepage

        There is a difference here. IPv6 would be the equivalent of IBM saying something more like:

        640 exabytes ought to be enough for anyone.

        (note by exabyte I mean 1000 terabytes, not Exabyte the brand name of many 8mm digital video tape drives).

        340*10^36 (the IPv6 address space) is more than 10^26 times the current demand for addresses.
        Compare to 640k which was roughly 10^1 times the standard memory size for machines of the day.

        In fact, today, I doubt you can identify many (any?) machines with more than a terabyte of RAM.
        In fact, it's rare to find more than 128GB of RAM capacity in most machines. (64GB is roughly
        100,000 times the original 640KB number, so 128GB would be 2*10^5 times 640KB).

        To put the comparison in some perspectives you might be able to wrap your head around...

        If you were to allocate an almond M&M for every 256 IPv4 addresses, the resulting amount
        of almond M&Ms laid out in a 1-M&M thick layer would cover only 70 yards of an american
        regulation football field (NFL, not FIFA). (16.7 million M&Ms, 1 for each IPv4 /24 prefix)

        Contrast that with the number of IPv6 /64 prefixes (a bit more than 18 quintillion) which
        would provide enough M&Ms to fill all of the great lakes.

        Where each /24 can accommodate a single router and up to 253 other hosts, each
        IPv6 /64 can accommodate more hosts than you could ever physically put on any
        conceivable scale of network gear (18 quintillion+ hosts).

        There will not be a likely shortage of IPv6 addresses in any of our lifetimes.

        • by smash ( 1351 )
          Sorry can you please post the size of the ipv6 pool in something people can relate to, such as libraries of congress?
          • by owendelong ( 614177 ) on Monday December 20, 2010 @11:43PM (#34624904) Homepage

            I'll try...

            I have no idea of any meaningful measurement of Library of Congress for comparison, sorry.

            It takes 39 digits to define the number of addresses in IPv6. Only 10 digits to define the number of addresses in IPv4.

            If you treat each address as a unit of mass and consider IPv4 to have mass equivalent of 7 liters of water, then, IPv6 would have mass equivalent roughly to Earth. (The whole earth, including all the oceans, lakes, land masses, people, buildings, etc.)

            In IPv4, there are more than 1.5 people alive today for every address.

            In IPv6, there are 50,041,524,547,196,832,862,260,971,681 addresses for each person alive today.

            Or, perhaps consider the following:

            The US public debt is 13,848,000.000,000. If IP addresses were pennies, we would need 3,462 IPv4 internets to pay it off. The IPv6 address space, converted to pennies, OTOH, would pay the public debt more than 24,572,672,365,752,344,270,896,491 times.
            (If anyone wants to send me even a single IPv6 /64 network worth of pennies, please
            email me for contact information.) ;-)

            Hope that helps.

            • by Cinder6 ( 894572 ) on Tuesday December 21, 2010 @12:16AM (#34625058)

              I'll try...

              I have no idea of any meaningful measurement of Library of Congress for comparison, sorry.

              Got one for you. The Library of Congress has (according to Wikipedia) 21814555 catalogued books. There are 2^128 IPv6 addresses. Thus, each book can have roughly 1.56 * 10^31 addresses assigned to it.

    • by Nethead ( 1563 ) <joe@nethead.com> on Monday December 20, 2010 @07:26PM (#34623240) Homepage Journal

      You try to design a router ASIC with variable length addresses!

      • by Drishmung ( 458368 ) on Monday December 20, 2010 @11:54PM (#34624974)

        You try to design a router ASIC with variable length addresses!

        You and I might struggle, but Tony Li [lightreading.com] didn't seem to have a problem with it. Really. Go and look at Google Groups for info.big-internet around 1993-1994 and see Tony provide pseudo-code that demonstrated that variable length was not a problem for ASICs, nor was it any slower.

        Yes, it is obvious that fixed length must be better than variable length. Yes, that is incorrect. What everyone 'knows' may be far from the truth.

        Now, continue surfing using the more efficient, cheaper ATM (fixed size cells) NIC rather than that inefficient , expensive Ethernet (variable size frames) NIC.

    • by Anonymous Coward

      Until the surface of Earth resembles Coruscant.

    • by zero.kalvin ( 1231372 ) on Monday December 20, 2010 @07:27PM (#34623244)
      2^128 unique address. I don't think we'll be exhausting them any time soon. That's like each person on earth have access to roughly 10^38 unique address.
      • 2^128 unique address. I don't think we'll be exhausting them any time soon. That's like each person on earth have access to roughly 10^38 unique address.

        Huh?

        That's not enough to address the cells of one human body.

        (Of course putting your medical nanobots on the internet would be a pretty dumb move. DoS attacks would sink to a new level - about six feet under, while BSoD would become quite literal.)

        • Oops. Need to check my math BEFORE posting. B-(

          About 47 bits to address the cells of one body (if you only have one device with one port each and nothing for other stuff). Another 33 for the current population. That's only about 2/3 of the bits.

          Still, IMHO that's starting to get a little tight. You'll probably want more than one bot per cell, one port per bot, and that's not even counting things like the intestinal bacteria (which out-count the body cells by enough to reduce the body cells to a footnon

      • by Junta ( 36770 ) on Monday December 20, 2010 @07:39PM (#34623374)

        Though things aren't likely to exhaust any time soon, that's a fairly naive perspective on it.

        2^121 addresses are knocked out by ULAs, 2^118 knocked out by link-local addressing, 2^120 are only available for multicast. In aggregate, a small chunk, but sizable.

        Then, there is the inefficiency of distribution. Nothing smaller than /64 is ever supposed to be given to any single network segment. Currently, nothing smaller than a /48 is supposed to be given to an entity allowed to do routing (e.g. houses), though some have proposed allowing /56. Just like some places have 16.7 million IP addresses that don't need them, similar inefficient allocations will be made in IPv6 world.

        In order to do a competent assessment, a more complex projection is required.

      • by Gerald ( 9696 )

        There are 2^125 *global* addresses, you resource-hogging Earthist pig.

      • I remember someone saying the same general thing to me when I bought my first 80Mb hard drive. You could practically install every piece of software ever written for a PC on that one drive! Why would you ever need anything bigger.
      • Yeah, but if nano-scale computers are ever mass-produced...

        (...it would still take longer than the age of the universe to run out of addresses.)

    • by Nethead ( 1563 )

      Why IPv8? Why not IPv9?

      http://www.rfc-archive.org/getrfc.php?rfc=1606 [rfc-archive.org]

    • Think of it this way: each current IP address could have its own private entire IPv4 address space... and then each of THOSE private addresses could have its own private entire IPv4 address space... and then each of THOSE addresses could have its own private entire IPv4 address space.

      It'll last a while.

    • by Bookwyrm ( 3535 )

      Going to a variable-length scheme is one possible (if tricky) solution.

      The major problem is that 'end-to-end' has become blind ideology rather than useful design methodology. As a result, people keep fighting tooth and nail against the very idea of NAT and encouraging development of applications that are tightly coupled to the underlying network.

      Instead of pushing for IPv6, there should be an effort towards developing against a more abstract network model such that applications do not care if they are usin

      • by Nethead ( 1563 )

        Instead of pushing for IPv6, there should be an effort towards developing against a more abstract network model such that applications do not care if they are using IPv4 or IPv6 or IPv42, such that protocol translation between different network families can be implemented where necessary.

        You mean something like the OSI model?

        http://en.wikipedia.org/wiki/OSI_model [wikipedia.org]

    • by sjames ( 1099 )

      Take every single network interface ever created from the very beginning. They will all fit into just 1 /64 with room to spare. Now, have every machine currently on the Internet replaced with every network interface ever created. Repeat that 4 billion more times and we'll have to start changing standards around a bit to conserve space.

      We could give each human cell it's own IPv6 address and still not run out. Not even if we expand to a million other planets.

      We have a few to spare...

    • by bcmm ( 768152 ) on Monday December 20, 2010 @08:00PM (#34623572)

      Based on current rates of growth and industry trends, how long will it be before the IPv6 space is exhausted?

      (Deep breath)
      When we have colonised the entire observable Universe (at a (hugely over)estimated one habitable planet per star), our descendants* will be able to own about three-quarters of a million cellphones each.** [wolframalpha.com]

      Given how hard this transition is, would it be better to go directly to IPv8

      If you mean we should skip a step while we're at it, we are: we're going straight from 32-bit to 128-bit, rather than 64-bit.

      * In before "this is Slashdot".
      ** 715,925 cellphones should be enough for anyone!

    • Based on current rates of growth, it won't last until the heat death of the universe. But, for the required number of clients to come into reality, we'd have to be displaced through the biggest part of our galaxy, and IPv6 copes very badly with interestelar communication, so we'll need another protocol anyway.

    • by Yvanhoe ( 564877 )
      I remember someone actually calculating the density of nanobots you would need per cubic meter in the whole atmosphere to fill the IPv6 address space. You can do it, but that day we will have some more serious concerns...
  • I'm okay with this (Score:5, Insightful)

    by Byzantine ( 85549 ) <carson.sdf@lonestar@org> on Monday December 20, 2010 @07:34PM (#34623324) Homepage Journal

    As long as they're applying this across the board and not playing favorites (at least not without a damn good in-writing reason), I'm okay with this. I fact, I don't really see IPv6 being adopted soonish absent measures like this.

    • It is kind of funny. I rail and rail against the power and might of the military-industrial complex. Then things like this happen and I am thankful for the DoD for advancing the state-of-the-art in ways that the general market is incapable/unwilling too. It's...frustrating. Why do they have to make things so complex!

  • I upgraded my systems to ipv6 even though I just have IPv4 by signing up for a free tunnel broker service. I recommend SixXS [sixxs.net] if you are serious, or one of the others if you just want to flirt around with IPv6. Basically, you open a tunnel on one of the machines, it starts radvd which activates ipv6 on every machine on your LAN automagically, and thats all you do. Perhaps edit a config file here or there to turn on ipv6 if its lacking for some reason. The radvd machine broadcasts on your net and provides som
    • Hurricane is far better than SiXXs, IMHO. They seem to have better peering arrangements (the additional latency for me over v6 is negligable), and you don't have to go justify to HE why you want a tunnel. You ask for one, you get it. Plus, then you don't have to deal with SiXXs killing your tunnel without warning [sixxs.info].

  • Anyone with IPv4 addresses can use 6to4 right now to provide IPv6 connectivity. Software support for IPv6 is common, e.g. apache, postfix, etc. Operating system support is widespread, e.g. linux, *bsd, etc.

    There are no real barriers to having IPv6 public facing services for vendors except rank incompetence.

  • IPv6-enabled content is the first half... now to get a big ISP to enable it across all their systems (someone like Comcast, but more competent)
    • Actually, Comcast is currently conducting trials of IPv6 [comcast6.net] with their subscribers. I am not participating right now because I had to cancel my service, but I was very close to participating six months ago.
  • ....as soon as Consumer/SOHO routers that support it are in the right price range.

    Right now, the lowest priced item on Newegg that comes up for IPv6 is a cable modem, which I don't need, and that's $77.

    Then there is the Cisco router starting at ~$133 on sale.

    OpenWRT does it, and it looks nice, but I don't have the time to fiddle with flashing a router right now.

    When are we going to see a company hack something together with inexpensive chips, and flash that is dedicated to just running OpenWRT, then sell it

    • by blueg3 ( 192743 )

      ...but I don't have the time to fiddle with flashing a router right now

      Ten minutes of your time is that expensive?

    • Re:I'll move to IPv6 (Score:5, Informative)

      by Drakino ( 10965 ) on Monday December 20, 2010 @09:50PM (#34624276) Journal

      Newegg doesn't sell them, but the Apple Airport Express (and any 802.11n based Apple router) supports IPv6. $99 and up. Buffalo had one out in 2007, before their WiFi lawsuit, and has a few more out now. DLink does too.

      http://www.sixxs.net/wiki/Routers [sixxs.net] has a good list.

      It will be interesting to see what router manufacturers decide to be nice and offer IPv6 formware upgrades, and which ones push people towards new equipment.

  • by bertok ( 226922 ) on Monday December 20, 2010 @09:24PM (#34624148)

    There might be some pressure in the States to push IPv6 adoption, but there's none here in Australia.

    Every consulting project I've been on in the last two years, I've asked this standard question: "Do you have a business requirement or mandate to deploy IPv6 now or in the future?"

    Inevitably, the answer is "No."

    Here in Australia, at both private enterprise and government, nobody has even begun to think about IPv6 at any level. Nobody requires IPv6 capability when purchasing software or equipment, and even when the capability is available, nobody turns it on. The more "IPv6 aware" clients turn it off to avoid compatibility issues. Even when I offer to implement IPv6 for some new system ("no extra cost, I'll just turn it on"), nobody wants it.

    Pure IPv6 networking will be particularly hard to implement. I've tried experimental setups with products from various vendors. The usual result is that with IPv6 only most things work, but some things break. Stop and think about this for a moment: imagine if that sentence was: "the usual result is that with IPv4 addresses most things work, but some things break." That would be totally unacceptable for any enterprise software, yet it's "perfectly acceptable" for every major vendor to ship software where that's the situation with IPv6, because... nobody cares. The failures are often quite pathetic too, like dialog boxes that require an IPv4 address to be entered, even if it's never used or needed, or only accept IPv4 address for things like DNS servers. Clearly vendors have never tested their products in pure IPv6 environments, or did test them and decided it's too much effort to fix for something nobody cares about.

    Let me whip out my crystal ball and predict that when IPv4 addresses run out and organisations scramble to implement IPv6, it's going to be a rush job, and we'll start hearing horror stories of incompetent admins that inadvertently bypass or break firewall rules by enabling IPv6 and cause major issues. These reports in turn are going to scare off management, who'll assume "IPv6 is bad", because they "read about some horror story of how Incompetent-r-Us Pty Ltd was hacked when they turned IPv6 on, hence, IPv6 must be insecure". Combined with stories of broken software and issues like IPv6-connected browsers waiting 30-60 seconds for IPv6 requests to time out, I'm certain that nobody is going to start using it until absolutely forced to.

    It's a bad, bad sign that all the major websites like Google and Facebook have "ipv6.normalurl.com". That's because practical IPv6 implementations are often broken, and if enabled it on the main website, it breaks it for a huge fraction of users. If Google and their like can't implement IPv6 transparently without issues, and are forced to create "experimental" websites, then what hope does the typical admin have?

    • Let me whip out my crystal ball and predict...

      Come back in 6 months and you'll be able to start testing your predictions. We're down to 4 or 5 free blocks to allocate to the RIRs, and then they'll allocate onwards. Not that IPv6 is on any publically visible agenda, at least until this article came along.

      That said, the internet we have today is largely a set of conventions based on patch jobs that were later formalised in the RFC process - IPv6 at least has been around for a while. Someone's going to make a lot of money out of this stuff - if you're hal

    • Re: (Score:3, Interesting)

      by bkk_diesel ( 812298 )

      The more "IPv6 aware" clients turn it off to avoid compatibility issues.

      Interestingly, a google search for "how to turn on ipv6" [google.com] has the first three results instructing me how to turn OFF IPv6, which seems to bolster your argument.

    • by smash ( 1351 )

      Not sure where you've been looking but Telstra have a public "Transition to IPV6" document available after a simple google search. The Aussie government has a time frame of 2008-2009 for preparation, 2010-2011 for transition and 2013-2015 for "implementation" whatever that means.

      Plans are most certainly afoot, I'm currently awaiting a response from my account rep, but he's just left for the christmas break.

  • In practice when I've worked with these guys (as a vendor) and been game on, lets install this in your IPv6 environment - things get quiet real fast. This is only about them trying to squeeze more from their budget dollars. They *have* software today that works in that environment. Guess what? They won't install it in anything but IPv4 networks.

    That $400 hammer looks like a bargain when you deal with these folks. Sure, the engineering for the actual hammer costs $40, but all the other crap they 'want' t

  • back in 1946 the military got rid of racial segregation, and opened up any post to anyone of any color. It took the rest of the government 20+ years to catch up.

    How about the entire federal gov't follow the army's lead and REQUIRE ALL COMPUTERS, ROUTERS AND NICS BE PRECONFIGURED FOR IPV6 OUT OF THE BOX from all vendors by end of 2012, or they don't get a gov't contract. How about it, Nancy Harry and Barry?

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...