Darwin's Theories Blog

New Theories for a New Time

IPv6 or Bust, and, Farewell IPv6 Samurai

2007-10-31
One Good Fight loses One Good Fighter
In case you've been off-net for the last ten years, you should know that the Internet is running out of IP addresses - the telephone numbers of the Internet - at an alarming rate, and will reach the failure point within three or four years.  IP is the Internet Protocol, the software that figures out how to get your Web, Email, VOIP or other data from computer A to computer B through a changing mesh of other computers, routers, and links.  The designers of the current version of IP - IPv4 - were good designers but never anticipated the commercial success of the internet technology, nor did they envision internet-connected televisions, heating/cooling controls, and home networks in every home.  The result is the impending doom of "Sorry, you can't have Internet service, we're all out of addresses."

The stop-gap solution of Network Address Translation (NAT, which some Linux people rebrand as "IP Masquerading") only goes so far.  Many of the protocols involved do not work over NAT. This is not the answer.

The long-term solution is IPv6 (longer article on IPv6). Don't ask what happened to IPv5;  for that matter, don't ask what happened to IPv3. But I digress.  IPv6 allows 128 bits of addressing, compared to IPv4's 32 bits.  IPv4 thus allows just over four billion connections, and the Internet has an estimated three billion already, growing by about 170 million per year.  IPv6, however, allows trillions of trillions of addresses.  Write the number one (1). Now write seventy-seven zeroes after it.  That's how many connections IPv6 allows, more or less.  While there are already more people on the planet than IPv4 addresses, there will never, ever be 1.15 * 10^77 people on this planet.  Should our insane population growth bring us to 10 billion people, the survivors will be able to allocate 1.15 * 10^67 IPv6 addresses each.  If they still have electricity to run their computers, that is.

So, how do we get from IPv4 to IPv6? That has a lot to do with politics, economics, and technology.  First, we know that the herd mentality leads humanity to keep running in the wrong direction even when the cliff is pointed out to us, trying to veer away only at the abyss.  Just look at how we are continuing to mismanage the environment, the oceans, the future of the planet.  Second, end users don't know or care about the problem, so they will not push their ISPs to support IPv6. And some ISPs will say it's not their problem until users start asking for it, though some of the more sensible ones already have it up and running.

Sadly, the reality is there may not be a push to adopt IPv6 until the year 2011, when people can't get service.  Then, of course, it will be done hurriedly, and poorly, and with no thought for security.  But there are some pushing for its adoption; in fact IPv6 has been available for almost a decade (as soon as the Internet started becoming popular, some of its stewards realized that the address pool was too small).  My own experience is with OpenBSD, the leadingly secure UNIX O/S, which has supported IPv6 for years.  A man called Itojun - officially Jun-ichiro Itoh Hagino - worked tirelessly within a project called KAME to prepare a V6 implementation that would work in the BSD family of operating systems.  The KAME IPv6 code is now in OpenBSD, NetBSD, FreeBSD, and even Mac OS.  Similar code is in Linux. And there is support in modern Microsoft systems. If you want to geekishly try it out before your ISP has it available, there are several "tunnel brokers"; the one I'm using is SixXS.

As recently as a few months ago, Itojun pointed out that the current IPv6 standards committee had re-introduced a stupidity from IPv4 known as "source routing". Imagine the long-distance abuses possible if you were able to dictate to the phone company that "I want this phone call from New York to Boston to go via London, Istanbul, Beijing, Hawaii, but bill me only for the New York to Boston trip", and the phone system obeyed you without asking for administrative confirmation. Source Routing basically allows you to do this with Internet data.  Itojun constructed a (carefully controlled!) test that was able to bring part of the internet to a standstill for a few seconds by routing traffic around and around and around...
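The IPv6 mechanism behind this kind of source routing is the Type 0 Routing extension header, which RFC 5095 later deprecated. As an added example (not from the original post; the function names are hypothetical and the sample packet is constructed from documentation-prefix addresses), this is how a filter or IDS can walk the extension-header chain and flag it:

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60  # IANA protocol numbers

def find_type0_routing(packet: bytes):
    """Return (segments_left, [hop addresses]) if the packet carries a Type 0
    Routing header, else None. Raises ValueError on malformed/truncated input."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following = packet[offset]
        # Fragment headers are always 8 bytes; the others carry a length field.
        length = 8 if next_header == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        if next_header == FRAGMENT and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            return None  # non-first fragment: the rest of the chain is not in this packet
        if next_header == ROUTING and packet[offset + 2] == 0:
            segments_left = packet[offset + 3]
            body = packet[offset + 8:offset + length]
            hops = [str(ipaddress.IPv6Address(body[i:i + 16])) for i in range(0, len(body), 16)]
            return segments_left, hops
        next_header, offset = following, offset + length
    return None

def rh0(addresses, next_header=59):
    # Constructed test input: a Type 0 Routing header listing the given hops.
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addresses)
    return struct.pack("!BBBBI", next_header, 2 * len(addresses), 0, len(addresses), 0) + body

def build_packet(ext_headers: bytes, first_next_header: int) -> bytes:
    # Constructed test input: 40-byte fixed header followed by extension headers.
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    fixed = struct.pack("!IHBB", 6 << 28, len(ext_headers), first_next_header, 64)
    return fixed + src + dst + ext_headers

if __name__ == "__main__":
    pkt = build_packet(rh0(["2001:db8::a", "2001:db8::b"] * 2), ROUTING)
    print(find_type0_routing(pkt))  # the same two hops listed twice
```

A repeated pair of hops in the returned list is the "around and around" pattern described above; a packet filter would normally drop any packet for which this returns a result with `segments_left` greater than zero.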

So why do I mention Itojun, when the IPv6 story is much bigger?  I found out yesterday that he passed away in Japan at the age of 37.  Others are better able to eulogize him (bugtraq, undeadly, sixxs) than I, who only met Itojun once or twice at OpenBSD gatherings.  But he will be missed, and an important voice in the move towards saving the Internet from itself has been forever silenced.