I have been a proponent of IPv6 as a cure-all to dos attacks and whatever. Here is a good article on it:
Wednesday, November 15, 2000
Internet Protocols
IP's Next Stop
IPv6 has the juice to support an era when even refrigerators may have unique IP addresses
internetweek.com
By Kelly Jackson Higgins
IP Version 6, the next-generation Internet protocol, finally may be ready to move the Internet to a new phase where most everything can get an IP address of its own. The roomy address space in IPv6 has enough headroom to outfit Web phones, cable modems, DSL connections and even airplane seats with IP addresses.
"Addressing is the major reason IPv6 will get deployed," says Robert Hinden, co-chairman of the IETF's IP Next-Generation Working Group. "It's the reason it was developed in the first place--for making the Internet bigger."
Still, there doesn't appear to be any rush by businesses to adopt IPv6. Most U.S. companies are still hoarding their existing IPv4 addresses, or making up internal "fake" ones, and remain indifferent to IPv6. It's the IPv4 address-deprived regions, such as Asia and Europe, and the wireless networking industry that are pushing the next-generation IP so they can get more IP addresses. The IPv4 address infrastructure has used up about half its capacity, which leaves little for new networks and attached devices.
Wireless may be IPv6's first killer app: The Third Generation Partnership Project (3GPP) mandated IPv6 for next-wave wireless networks, which should result in an explosion of handheld devices that can talk Version 6 during the next few years. That should get U.S.businesses more interested. Already, European countries, such as the United Kingdom, are auctioning off licenses for these next-generation wireless networks. The United States, which is at least a generation behind Europe in wireless, begins its auction in 2002.
The new-age Internet will be more mobile as well, with IP packets jumping from wired to wireless and back again. IPv6's 128-bit address structure will be able to accommodate the new generation of wireless handheld devices. IPv6 has a 128-bit address versus IPv4's 32 bits, which translates into virtually unlimited addressing space because it's exponentially bigger.
"Wireless is going to drive IPv6," says Art Souza, vice president of worldwide marketing for Ezenia, which sells interactive and videoconferencing server software to corporate IT departments and ASPs. "There are a lot more cell phones than PCs."
Meanwhile, the biggest names in the Net already are on board with commercial IPv6 products. Cisco, which has offered a downloadable IPv6 stack for about two years, will ship a production release of IPv6 in its IOS Version 12.2.1t in the first quarter. Sun Microsystems already supports IPv6 in Solaris 8.0, as does IBM in AIX Version 4.3 and above. Microsoft is expanding its plug-in to a real product in the next release of Windows 2000 mid-2001, and Novell will offer a downloadable IPv6 plug-in for NetWare 5 and 6 the first half of next year. Nortel is building IPv6 into an ASIC for its upcoming 3G wireless equipment--it already offers IPv6 in its AGS router and Passport 5430 voice/data switch. Shareware operating systems BSD Unix and Linux already support IPv6.
Most of the early IPv6 customers include researchers and universities, with the exception of a few hush-hush corporate pilots and some U.S. government agencies. IPv6 vendors admit that even though businesses are finding it harder to get big blocks of IPv4 addresses, there's no sense of urgency just yet. IPv4, which is actually the first version of IP, is expected to live another 10 to 15 years, likely mixed with the new IPv6 handsets, routers and network servers.
The story is different overseas. Unlike the United States, which built and expanded the Internet and got massive chunks of IPv4 addresses early on, Asia and Europe are facing crunch-time for IP addresses. The disparity is staggering: Stanford University, where much of the Internet was born, has about 17 million IPv4 addresses. That compares with China, which only has about 9 million IPv4 addresses for its entire nation. Both Japan and the European Commission, tired of scrounging up the little IPv4 address space they have, this year have called IPv6 an important component of their future IP expansion.
IPv6 addresses already are being doled out to service providers by the regional Internet registries, such as the American Registry for Internet Numbers, or ARIN, and its counterparts in Asia and Europe. Japanese ISP Internet Initiative Japan, for instance, already offers a native IPv6 commercial service in Japan. And in the United States, Qwest Communications, WorldCom and Zama Networks are among the first ISPs offering IPv6 transport services.
None of the U.S. services are taking off, but Qwest is actively recruiting beta sites for its new commercial IPv6 network service, which runs on a separate OC3 backbone from New York to Denver and then on to San Francisco.
"IPv6 is going to be a worldwide movement," says Guy Cook, vice president of Internet services for Qwest. "The Internet, so far, has been largely an American-centric one.''
Ironically, IPv6 hasn't exactly made its debut in warp speed. The protocol has been over 10 years in the making, and its once-unique features of quality of service and security since have been strapped onto IPv4. But IPv6's expanded address capacity and other features, like autoconfiguration of network devices and Mobile IP, have kept it alive.
"To take the Internet experience to the next level, there has to be an IPv6 infrastructure," says Mark Silverberg, senior marketing manager for Compaq's Unix business unit, which markets its Tru64 Unix operating system with IPv6.
No Forwarding Address
The remaining IPv4 addresses are not enough for the estimated 1 billion new nodes, including wireless handsets, that are expected to jump on the Net in the next few years. IPv6 amounts to about 1 billion addresses per person, says Thomas Narten, senior software engineer for IBM and an IETF area director.
Here's the bottom line on the IP address conundrum: IPv4 is like having a fixed amount of phone numbers for a larger number of phones. IPv6 is like adding more digits to the phone numbers so there are more addresses available for network devices.
Although the typical enterprise isn't ready to go IPv6, big mergers and acquisitions can cause IP address headaches, such as if a buyer has to relinquish the acquired company's existing IP addresses and assign new ones.
"You'll start to see some of these companies going Version 6 as they start testing and evaluating their strategy for the future," says Graham Lovell, director of product marketing for Solaris, which packaged IPv6 in Solaris 8.0.
For now, businesses testing IPv6 aren't talking yet, and few U.S. businesses are paying much attention to IPv6 at all. Even over two years after Bank of America's merger with the former NationsBank, BOA still has enough IP addresses. It runs a large DHCP architecture that manages the bank's hundreds of thousands of IPv4 addresses that came out of the merger.
"IPv6 isn't even on the radar screen for us right now," says Rick Ingrassia, vice president of open networking for Bank of America in San Francisco. "We are not having any addressing demands--we've got plenty," he says.
Aside from addressing space, IPv6 has a few other perks. For one, in an IPv6 world, it will be easier to switch ISPs since businesses won't have to relinquish their IP address when they change providers. "You can leave your network provider, but still keep your distinct device address so you don't have to renumber your network when you change providers," says Orv Cooper, executive vice president and CTO at Zama Networks.
That's due to IPv6's autoconfiguration feature, which is basically autodiscovery. One method is the so-called stateless autoconfiguration, which combines the machine's existing MAC address and a network prefix from the local router to assign its IP address instead of one allocated by the DHCP server.
"That saves time, and it can let users with little knowledge of infrastructure configure their device without knowing it," says Susanna Wood, manager of Nortel's IPv6 program. This also eliminates the labor-intensive approach to administration of DHCP servers that most large organizations use today to manage their IPV4 addresses. Version 6 also can use DHCP if a company doesn't want to scrap its DHCP servers.
And unlike with IPv4, users won't have to reboot their PCs or laptops to make a change to an IP address.
"Autoconfiguration will make the network a lot smarter," says Shanen Boettcher, lead product manager for Microsoft's Windows 2000 server marketing. He says it will know from the address that it receives whether a user is on his home or work PC.
Security still is a bonus with IPv6 because it's built into the stack. Even though IPSec is available for Version 4 networks, the clunky Network Address Translation gateways that sit at the edge of some large enterprise networks can slow down the encryption process. NAT gateways convert private, or made-up, IP addresses to a smaller pool of official ones the Net can understand, and vice versa. "With IPv6, security works end-to-end with global, unique addresses," says IBM's Narten.
3GPP, in its Release 2000 specification, requires IPv6 to be built into the wireless IP Multimedia Subsystem--the routers and servers that split voice and data into the network--starting in 2002. That means the new IPv6 gear can assign Version 6 addresses to handheld devices.
"It will probably be IPv4 and IPv6 out at the handsets, so there may or may not be tunneling or address translation before the IMS," says John Donaldson, director of strategic marketing for wireless Internet at Nortel, which is building IPv6 into its wireless products.
But that doesn't mean that within two years all handsets will be IPv6-only, nor that the Internet infrastructure will be either. Like the IPv6 testbed networks, the handsets will be doing some "tunneling" of their Version 6 traffic over the established Version 4 infrastructure, as well as some NAT.
IPv6's Mobile IP feature lets users keep the same connection across different cell sites. "It lets you hand off between towers so you can keep your IP connection up," Donaldson says. However, what Mobile IP does not do, he says, is keep the connection intact if a user jumps from wireline LAN to wireless, which is why Nortel added that feature to its IP Mobility software.
Still, there's plenty of infrastructure to retrofit with IPv6 before it can really take off. Most of the Cisco and Juniper gear that runs much of the core public Internet does so with IPv4. "There are no [commercial] firewalls or packet-filtering devices using it," says Sun's Lovell.
And software-based IPv6 may be sufficient for early implementations, but it won't do in the long term for large ISP networks. "Software is adequate for now, but we need silicon for the way we see our business growing in the next year," says Zama's Cooper.
Not to mention just how the network service providers will be able to support handsets that jump from the public-switched telephone network to the Internet.
"It's going to be a lot of fun when you are dealing with 500 million handsets roaming and needing to terminate on fixed wire-lines--this an enormous effort," says Charles Lee, executive manager of government markets for WorldCom. "The reports and billing and support issues people are accustomed to in telephony have to be developed for IP."
Applications, meanwhile, are practically nonexistent for IPv6. Microsoft offers an IPv6 developers toolkit for Windows 2000, which includes some tools, called "scrubbers," that scrutinize an app to determine what it needs to talk Version 6, such as more memory. But converting an app is mostly a matter of adding an IPv6 protocol stack and making it understand its new 128-bit address.
Some apps won't need to interact with the protocols at all, while others will.
"Most applications will be easy to recompile to use 128-bit IPv6 addresses, but others might take a bit more work,'' says Bob Fink, associate department head for research at the Energy Sciences Network, which is funded by the Department of Energy and operated by UC-Lawrence Berkeley National Laboratory.
Meanwhile, even while many American companies are still content with their existing IPv4 infrastructures, the leading networking vendors and providers are quietly laying the groundwork for the next-generation IP. And like many technological milestones, IPv6 will emerge gradually without much hoopla, and most end users won't even notice the changeover.
Kelly Jackson Higgins is a freelance computer journalist based in Stanardsville, Va. She can be reached at kjhiggins@aol.com. |
