dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
4439

catchingup
@72.39.85.x

2 recommendations

catchingup to BHNtechXpert

Anon

to BHNtechXpert

Re: [Internet] BHN IPv6 Migration Status?

said by BHNtechXpert:

Actually no it wasn't and that is part of the problem....

IPv4 wasn't designed with any security in mind and there have been tons of issues over the years with IPv4 implementations and various protocols involved with IPv4.

anon ipv6
@216.164.220.x

anon ipv6 to geo44

Anon

to geo44
said by geo44:

Looks like this is more of a protocol issue than anything with IPv6?
Would that be closer to the problem?

No, some poster hoped that IPv6 was designed with security in mind , like no more spoofing of IP addresses etc... and both IPv4 and IPv6 were not designed with security in mind.

Since both IPv4 and IPv6 were not designed with security in mind, what is the real reason for not deploying IPv6?

Thanks

twalls
join:2014-06-11
Tampa, FL
ARRIS SB8200
eero Wi-Fi System

4 recommendations

twalls

Member

said by anon ipv6 :

Since both IPv4 and IPv6 were not designed with security in mind, what is the real reason for not deploying IPv6?

I think Gary has covered this in other threads, but I think it boiled down to:

- Cost/time to train employees
- Cost/time to train users
- Cost/time to upgrade/replace equipment that doesn't support IPv6
- Cost/time to listen to users whine because their personal equipment doesn't support IPv6
- Risk involved with deploying IPv6 one way and finding out the rest of the industry ends up doing it another way later on
- Risk involved for users who have depended on NAT for security by obscurity up to this point ("surprise! everything is public-facing now!")
- Risk involved for users who don't know how to protect themselves when using IPv6 or who use old software and have a false sense of being protected by software that doesn't support IPv6
- Depending on how prefixes get handed out to customers, dealing with complaints that people don't know the local addresses of their machines/devices because they keep changing, etc.

The list could go on for a bit. We're not quite ready for the average user to be on IPv6 yet, especially not those with more than one client connected to the modem. I'm intrigued by how Comcast is moving forward with things. I get the feeling that the rest of the industry is watching and taking notes on what they do right and wrong. I've heard people say "well, Verizon Wireless got everyone on IPv6 easily enough." Yeah, and Verizon Wireless doesn't have the same kind of issues that you'll get when people's entire home networks are affected by the change.

mixdup
join:2003-06-28
Alpharetta, GA

1 recommendation

mixdup

Member

1: Employee training is a concern. I hope by now all the network and backend folks already know what they need to know. Front line employees do need training but they need to be working on it, not waiting.
2: Users are on their own. Make documentation, train your support and installation employees. My mother doesn't know what IPv4 is, so she doesn't need to be "trained" on IPv6.
3: This should have happened with the transition to DOCSIS 3.0, and at a very minimum they should not be buying any new CPE or internal equipment that doesn't support IPv6.
4: IPv6 deployment doesn't mean IPv4 goes away. If users have incompatible equipment it will keep working on the IPv4 internet.
5: There's not "another way" to deploy it. It works the way it works, and while there are choices like NAT and firewalls, there's not a lot they can do that would be dependent on other networks unless they're not going by the spec
6: No reason that users can't remain behind a NAT or other firewall when IPv6 is rolled out. Absolutely no reason that you automatically have to be "public" with all your devices, even if you use public IPs internally.
7 and 8 (and 6, really): Solved by still giving people one public IP by default, let them NAT it, and if they want their 32 billion addresses they're entitled to they can specifically enable and configure for it.
Aprel
join:2013-09-14

1 recommendation

Aprel to twalls

Member

to twalls
Great summary!

Also, could you elaborate on this?
said by twalls:

- Risk involved for users who have depended on NAT for security by obscurity up to this point ("surprise! everything is public-facing now!")

BHNtechXpert
The One & Only
Premium Member
join:2006-02-16
Saint Petersburg, FL

1 recommendation

BHNtechXpert to twalls

Premium Member

to twalls
said by twalls:

said by anon ipv6 :

Since both IPv4 and IPv6 were not designed with security in mind, what is the real reason for not deploying IPv6?

I think Gary has covered this in other threads, but I think it boiled down to:

- Cost/time to train employees
- Cost/time to train users
- Cost/time to upgrade/replace equipment that doesn't support IPv6
- Cost/time to listen to users whine because their personal equipment doesn't support IPv6
- Risk involved with deploying IPv6 one way and finding out the rest of the industry ends up doing it another way later on
- Risk involved for users who have depended on NAT for security by obscurity up to this point ("surprise! everything is public-facing now!")
- Risk involved for users who don't know how to protect themselves when using IPv6 or who use old software and have a false sense of being protected by software that doesn't support IPv6
- Depending on how prefixes get handed out to customers, dealing with complaints that people don't know the local addresses of their machines/devices because they keep changing, etc.

The list could go on for a bit. We're not quite ready for the average user to be on IPv6 yet, especially not those with more than one client connected to the modem. I'm intrigued by how Comcast is moving forward with things. I get the feeling that the rest of the industry is watching and taking notes on what they do right and wrong. I've heard people say "well, Verizon Wireless got everyone on IPv6 easily enough." Yeah, and Verizon Wireless doesn't have the same kind of issues that you'll get when people's entire home networks are affected by the change.

You pretty much nailed it. The hardest part will be user education because it is that much different. I am not looking forward to it...

mixdup
join:2003-06-28
Alpharetta, GA

1 recommendation

mixdup to Aprel

Member

to Aprel
said by Aprel:

Great summary!

Also, could you elaborate on this?

said by twalls:

- Risk involved for users who have depended on NAT for security by obscurity up to this point ("surprise! everything is public-facing now!")

Currently, IPs are scarce so you only get one from your ISP, meaning everything on your home network has a "private" IP behind your router sharing one public IP. This means that from my house I cannot directly hit the IP address of your Xbox, I can only get as far as your router.

In the IPv6 world there are 340282366920938463463374607431768211456, or 2 raised to the 128 power, or 40,000 IP addresses for every atom on the surface of the Earth. This is compared to only 4,300,000,000 IPv4 addresses. This means that in theory your ISP can give you an unlimited number of publicly routable, publicly accessible IP addresses. If you did not either NAT your network (meaning put it behind a router like you do today) or setup some kind of firewall, I could then get to your Xbox or security camera, or any other device inside your network.
Aprel
join:2013-09-14

1 recommendation

Aprel

Member

Ahh, ok. Wasn't aware ISPs would hand out multiple public addresses as they go live with IPv6.

mixdup
join:2003-06-28
Alpharetta, GA

1 recommendation

mixdup

Member

said by Aprel:

Ahh, ok. Wasn't aware ISPs would hand out multiple public addresses as they go live with IPv6.

They won't necessarily, but they will be able to.
BHNtechXpert
The One & Only
Premium Member
join:2006-02-16
Saint Petersburg, FL

1 recommendation

BHNtechXpert to Aprel

Premium Member

to Aprel
said by Aprel:

Ahh, ok. Wasn't aware ISPs would hand out multiple public addresses as they go live with IPv6.

Yes once we're a go you will be issued a block of IP's all to your self

twalls
join:2014-06-11
Tampa, FL
ARRIS SB8200
eero Wi-Fi System

2 edits

2 recommendations

twalls to mixdup

Member

to mixdup
said by mixdup:

1: Employee training is a concern. I hope by now all the network and backend folks already know what they need to know. Front line employees do need training but they need to be working on it, not waiting.
2: Users are on their own. Make documentation, train your support and installation employees. My mother doesn't know what IPv4 is, so she doesn't need to be "trained" on IPv6.
3: This should have happened with the transition to DOCSIS 3.0, and at a very minimum they should not be buying any new CPE or internal equipment that doesn't support IPv6.
4: IPv6 deployment doesn't mean IPv4 goes away. If users have incompatible equipment it will keep working on the IPv4 internet.
5: There's not "another way" to deploy it. It works the way it works, and while there are choices like NAT and firewalls, there's not a lot they can do that would be dependent on other networks unless they're not going by the spec
6: No reason that users can't remain behind a NAT or other firewall when IPv6 is rolled out. Absolutely no reason that you automatically have to be "public" with all your devices, even if you use public IPs internally.
7 and 8 (and 6, really): Solved by still giving people one public IP by default, let them NAT it, and if they want their 32 billion addresses they're entitled to they can specifically enable and configure for it.

1. I agree there should be people who already understand this, but it is bad enough doing something like a tuning adapter with a typical CSR. Yes, there are still employees that need training. Some of this could be pending a finalized plan for implementation for example.
2. Users didn't transition to IPv4, it just came with Internet access. Users have developed certain assumptions over the years that might need adjusting. If nothing else, you're going to have users asking what this is all about. I'd hate to use your ISP and be told I'm on my own...
3. I suspect there is still old equipment out there. I just got my new modem a couple of months ago. I was never advised to, I did it on my own. There's bound to be others running D2 modems as long as standard 10/1 service is offered.
4. I'll admit you had to read into this one. As an ISP, I imagine you get blamed for crap that doesn't work, even if it isn't your fault (see recent e-mail outage). Users are gonna complain that they can't access such-n-such and have to told by the newly-trained CSR that the OS/software/device doesn't support IPv6. Odds are that will only matter when trying to access remotely and users discover inconsistencies, but the point is this: Users will have another reason to bog down the support techs. There is a potential for time and money to be wasted on this.
5. How many networks have you setup IPv6 on? Which method did you choose to advertise addresses (DHCPv6, radvd, etc.)? How did you deal with different routers, OSes, and devices only supporting one or the other. How long of a prefix are you handing out to customers? Do they change or are they statically assigned for as long as they're a customer? I'm not saying I'm an expert by any means. I've only had chances to deploy IPv6 at home with 6to4 tunnels (edit: I meant 6in4 tunnels from HE, at least primarily. I did try poking around with 6to4, but got sent off to some connection in Europe...), and I've had client/server experience at work. Even with the limited experience I've had, I've seen there are several different ways to do things. It also doesn't help that standards keep changing. The deprecated RDNSS settings that I played with before I found out they were deprecated come to mind. The support for /48 subnets is apparently still supported in older OSes even though I'm pretty sure I read some RFC no longer recommends it (edit: I looked this up, and I was thinking of site-local addresses in XP that were deprecated in RFC 3879). My point is things still feel like they're fluid and changing. People are learning you can't just block ICMPv6 like you used to with IPv4 without breaking certain things like neighbor discovery. I'm sure the protocol will evolve as the real world challenges it and exposes it to unanticipated situations. There are different ways to implement this stuff, even Comcast has said that about their own rollout.
6-8: Again, this is where it matters how the ISP handles things (that whole thing you just said didn't exist on having a choice in how things get deployed). On customer-owned equipment, sure, you can just drop IPv6 support at the modem by turning off support on the router. With ISP-owned equipment, you suddenly have control that can potentially expose every device on a customer's network.

mixdup
join:2003-06-28
Alpharetta, GA

1 recommendation

mixdup

Member

all of those tunnels and whatnot are transitory and eventually won't matter. the size of the prefix and how many IPs are given to customers is an implementation detail that doesn't matter if BHN does it the same way as AT&T or Charter or Cox.

I'm not saying there aren't preparations to be made, but it's 2014. IPv6 was finalized as an IETF spec in 1998. How much longer?
bighorn1
Premium Member
join:2004-06-19
BD, CA

3 recommendations

bighorn1

Premium Member

said by mixdup:

the size of the prefix and how many IPs are given to customers is an implementation detail that doesn't matter if BHN does it the same way as AT&T or Charter or Cox.

Well, last time I looked at you'd need /64 for SLAAC to work, so that's probably minimum you'd get (2^64 addresses).
said by mixdup:

all of those tunnels and whatnot are transitory and eventually won't matter

As long as there are ipv4 only devices around, it will matter. We may look here at 20 years or so of having both standards around. Probably much longer.

DCELL
CC/Nature Coast
join:2010-06-17
Inglis, FL

1 recommendation

DCELL

Member

said by bighorn1:

As long as there are ipv4 only devices around, it will matter. We may look here at 20 years or so of having both standards around. Probably much longer.

THIS is one of the few solid facts bantered about in this thread, with emphasis on the "Probably much longer"...

Astyanax
Premium Member
join:2002-11-14
Melbourne, FL

1 recommendation

Astyanax

Premium Member

Looks like evil Comcast has a leg up on BHN in the IPv6 migration. Look at this thread.

catchingup
@135.23.225.x

1 recommendation

catchingup

Anon

said by Astyanax:

Looks like evil Comcast has a leg up on BHN in the IPv6 migration. Look at this thread.

As does TWC with their network over 90% complete with their roll out.

twalls
join:2014-06-11
Tampa, FL
ARRIS SB8200
eero Wi-Fi System

1 recommendation

twalls

Member

said by catchingup :

As does TWC with their network over 90% complete with their roll out.

Indeed! I was surprised to see this. Seems Comcast has been very vocal about their transition, while others have been less so...

»www.timewarnercable.com/ ··· pv6.html

mixdup
join:2003-06-28
Alpharetta, GA

1 recommendation

mixdup to bighorn1

Member

to bighorn1
said by bighorn1:

said by mixdup:

the size of the prefix and how many IPs are given to customers is an implementation detail that doesn't matter if BHN does it the same way as AT&T or Charter or Cox.

Well, last time I looked at you'd need /64 for SLAAC to work, so that's probably minimum you'd get (2^64 addresses).
said by mixdup:

all of those tunnels and whatnot are transitory and eventually won't matter

As long as there are ipv4 only devices around, it will matter. We may look here at 20 years or so of having both standards around. Probably much longer.

They can just keep giving out IPv4 addresses, and eventually they can move to carrier grade NAT.

The easiest and simplest way would be to just start giving out one single IPv6 address, dynamically, to every customer just like they do for IPv4. Let customers who want to use it NAT it. As they get better acquainted with it and preparations are further along they can start handing out a whole prefix to each customer, and keep giving one IPv4 address (or let customers opt into CGN and get dozens of IPv4 addresses).

It doesn't have to be complicated and it doesn't have to require tunnels and whatnot.

aefstoggaflm
Open Source Fan
Premium Member
join:2002-03-04
Bethlehem, PA
Linksys E4200
ARRIS SB6141

aefstoggaflm to bighorn1

Premium Member

to bighorn1
said by bighorn1:

What's the rush?

As of today:
0.0017% of websites are ipv6 only
0.00052% of mail servers are ipv6 only
0.00056% of DNS servers are ipv6 only

compare that to
92.95% of websites are ipv4 only, 6.65% are dual stack
85.20% of mail servers are ipv4 only, 14.8% are dual stack
71.34% of DNS servers are ipv4 only, 28.66% are dual stack

With those status, they are not talking about turning on IPv6 and turning off IPv4, they are talking about dual stack
aefstoggaflm

aefstoggaflm to BHNtechXpert

Premium Member

to BHNtechXpert
said by BHNtechXpert:

#2 -Nowhere close to this scenario and rest assured IPv6 will be available long before anything like this is likely to occur. Just because it isn't available yet to you does not mean it isn't being working on or even ready for that matter.

While native IPv6 is preferred (and is the long term goal): How about allowing users to opt-in to using IPv6 from you (even if that means using a tunnel provided by you)?

Thanks

catchingup
@135.23.225.x

catchingup

Anon

said by aefstoggaflm:

While native IPv6 is preferred (and is the long term goal): How about allowing users to opt-in to using IPv6 from you (even if that means using a tunnel provided by you)?

People can already run tunnels as it is. Bringing that up is a waste of time and resources and its way past the point of tunnels being an effort ISPs should bother with at all.

mixdup
join:2003-06-28
Alpharetta, GA

1 recommendation

mixdup

Member

I agree. ISPs should just be focused on getting native IPv6 ready to go. Tunnels are available from third parties for people who want to go that route today, and being a tiny transitory solution shouldn't have time and money wasted on it by ISPs.
BHNtechXpert
The One & Only
Premium Member
join:2006-02-16
Saint Petersburg, FL

1 recommendation

BHNtechXpert to aefstoggaflm

Premium Member

to aefstoggaflm
said by aefstoggaflm:

said by BHNtechXpert:

#2 -Nowhere close to this scenario and rest assured IPv6 will be available long before anything like this is likely to occur. Just because it isn't available yet to you does not mean it isn't being working on or even ready for that matter.

While native IPv6 is preferred (and is the long term goal): How about allowing users to opt-in to using IPv6 from you (even if that means using a tunnel provided by you)?

Thanks

IPv6 is one of many priorities right now. I'll let you know when it's available.

bigdaddy
join:2009-11-18

1 recommendation

bigdaddy

Member

Any new info ?
BHNtechXpert
The One & Only
Premium Member
join:2006-02-16
Saint Petersburg, FL

1 recommendation

BHNtechXpert

Premium Member

said by bigdaddy:

Any new info ?

Nothing new has posted right I'll let you know.

telijah
Premium Member
join:2013-04-22
Brandon, FL

telijah to Astyanax

Premium Member

to Astyanax
IPv6 will just make it harder to remember my IP address
BHNtechXpert
The One & Only
Premium Member
join:2006-02-16
Saint Petersburg, FL

1 recommendation

BHNtechXpert

Premium Member

said by telijah:

IPv6 will just make it harder to remember my IP address

For most of you IPv6 will change nothing....everything will be the same as it was the day before. Then there are the rest of you....the rest of you....the rest of you SMH (those will be busy days).

aefstoggaflm
Open Source Fan
Premium Member
join:2002-03-04
Bethlehem, PA
Linksys E4200
ARRIS SB6141

aefstoggaflm to telijah

Premium Member

to telijah
said by telijah:

IPv6 will just make it harder to remember my IP address

Why do you need to remember your IP Address?

Unless, I am missing something that is what DNS is for (including DDNS).

Note where DDNS is mostly used for users without a Static IP.

telijah
Premium Member
join:2013-04-22
Brandon, FL

telijah

Premium Member

Don't question my reasoning! (Or sarcasm)

I don't need to remember them, I don't have static IP anymore, but still run a few web services from my home server using several domain names. Knowing the IP has helped on more than one occasion though.

mixdup
join:2003-06-28
Alpharetta, GA

mixdup to telijah

Member

to telijah
said by telijah:

IPv6 will just make it harder to remember my IP address

This is why Al Gore invented DNS