Saturday, July 26, 2008

Better late than never, IETF

I'm a supporter of the move to the next iteration of the Internet Protocol.  But a little truth in advertising is needed.

The problem with IPv6 is that it can't be deployed quickly.  An IPv4 host and an IPv6 host can't talk to each other directly because the two protocols are incompatible on the wire: different headers, different address sizes, and nothing in an IPv4-only stack that knows what to do with a 128-bit address.

The currently recommended migration strategy was for everybody to run both v4 and v6 in dual-stack mode.  Once major portions of the Internet had adopted both, IPv4 could be phased out over time.  Anybody with half a brain can see this is just stupid.  Nobody is going to waste time on v6 if there is no v6 content worth connecting to.  Nobody is going to publish content on v6 until there are people trying to access that content.  Chicken, meet egg, meet chicken.

People will eventually do this dual-stack deployment, but only with the barrel of a loaded gun in the form of IPv4 scarcity staring them in the face.  Even so-called geeks have shown a serious lack of interest in IPv6.  Once they do the dual-stack deployment they are going to realize that they can't turn off IPv4 for years to come, and that is pretty depressing.

Without the geeks leading the way, the natural hesitation of the technology followers means the whole transition will fester until the pain gets pretty great.  I still see this as a strong possibility.  I've never seen so many geeks fail to lead on a critical technology issue like this.

The IETF, having finally realized that having no serious transition plan was a one-way ticket to a busted Internet, has started looking at NAT options for enabling IPv6-only devices to communicate with IPv4-only devices.

The IETF had previously come up with several transition mechanisms, including at least one that was workable (NAT-PT with DNS application-layer translation), but then decided to obsolete it, moving NAT-PT to Historic status in RFC 4966!  To be fair, this is a fairly nasty technique: a stateful box in the middle rewrites addresses and a DNS proxy hands IPv6-only clients synthesized AAAA answers that point at that box.  But we have to keep the goal front and center: migrate quickly to IPv6 with minimal effort and disruption, and turn off IPv4.

Ironically, it wasn't until the IETF started dogfooding IPv6 at its own meetings that serious discussion of what it would take to reach a single-stack IPv6 end state began in earnest.  I don't want to discount the years of discussion that went into IPv6 development, but it's obvious now that people weren't being realistic.

D.J. Bernstein was discussing the fundamental binary incompatibility and the content problem years ago, but he didn't make a serious dent.  He would have preferred a wire-compatible design.  That would probably have meant changing a bunch of applications, but that work has to be done for IPv6 anyway, and it would almost certainly have meant we would be well into adoption by now.

I tested the "obsolete" NAT-PT option with DNS proxy translation a couple of months ago, and it certainly worked for basic web surfing and email-type access, but getting it compiled and operational was challenging.  We need to make this, or whatever new translation method the IETF settles on, easy to deploy: slap it into consumer routers, Linux/BSD distros, and commercial firewalls or proxies so that it can be rolled out rapidly.  This will probably involve a bunch of stateful translators being written, just like the ones we have for IPv4 NAT, with the same consequences: per-flow state in the middle, a shared pool address and port space on the IPv4 side, and no way for an IPv4 host to initiate a connection to an IPv6-only host behind the translator.
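To make the mechanism in the two paragraphs above concrete, here is a small model of how a NAT-PT/NAT64-style translator and its DNS application-layer gateway fit together. This is an added illustration, not code from the original post and not any real translator implementation. It assumes a translator prefix of 64:ff9b::/96 (the well-known prefix later standardized in RFC 6052, used here purely for illustration), a single IPv4 pool address 192.0.2.1, and a constructed DNS zone with one IPv4-only and one dual-stack name. The IPv6-only client asks the DNS proxy for an AAAA record; when only an A record exists, the proxy synthesizes an AAAA by embedding the IPv4 address in the translator prefix. Packets sent to that synthesized address reach the translator, which pulls the IPv4 destination out of the low 32 bits, rewrites the source to its pool address and a mapped port, and keeps per-flow state so replies can be mapped back. Inbound IPv4 packets that match no state are dropped, exactly as with IPv4 NAT, which is the end-to-end loss the post complains about.

```python
"""Toy NAT-PT / NAT64-style translator with a DNS ALG (illustration only)."""
import ipaddress

# Assumed translator prefix (RFC 6052 well-known prefix) and IPv4 pool address.
PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
POOL_V4 = ipaddress.IPv4Address("192.0.2.1")

# Constructed zone: one IPv4-only name, one dual-stack name (documentation ranges).
ZONE = {
    "v4only.example": {"A": ["198.51.100.10"]},
    "dual.example": {"A": ["198.51.100.20"], "AAAA": ["2001:db8::20"]},
}


def synthesize_aaaa(ipv4):
    """Embed a.b.c.d in the translator prefix: PREFIX::a.b.c.d (low 32 bits)."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(PREFIX.network_address) | int(v4))


def extract_ipv4(ipv6):
    """Inverse of synthesize_aaaa; refuses addresses outside the translator prefix."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in PREFIX:
        raise ValueError(f"{v6} is not a translator address")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def dns_alg_lookup(name):
    """AAAA answer an IPv6-only client gets from the DNS proxy.

    A native AAAA is returned untouched (no translation needed); otherwise
    each A record is turned into a synthesized AAAA inside PREFIX.
    """
    rr = ZONE.get(name)
    if rr is None:
        return []
    if "AAAA" in rr:
        return [ipaddress.IPv6Address(a) for a in rr["AAAA"]]
    return [synthesize_aaaa(a) for a in rr.get("A", [])]


class StatefulTranslator:
    """Per-flow NAPT state: (v6 src, src port) <-> mapped port on POOL_V4."""

    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.out = {}   # (v6src, sport) -> mapped IPv4 port
        self.back = {}  # mapped IPv4 port -> (v6src, sport)

    def v6_to_v4(self, pkt):
        """Translate an outbound IPv6 packet (dict of src/sport/dst/dport)."""
        v4dst = extract_ipv4(pkt["dst"])          # raises if dst is not ours
        key = (str(ipaddress.IPv6Address(pkt["src"])), pkt["sport"])
        if key not in self.out:                   # first packet of the flow
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return {"src": str(POOL_V4), "sport": self.out[key],
                "dst": str(v4dst), "dport": pkt["dport"]}

    def v4_to_v6(self, pkt):
        """Translate an inbound IPv4 packet; None means no state, so drop it."""
        key = self.back.get(pkt["dport"])
        if key is None or pkt["dst"] != str(POOL_V4):
            return None                           # unsolicited inbound: dropped
        v6src, sport = key
        return {"src": str(synthesize_aaaa(pkt["src"])), "sport": pkt["sport"],
                "dst": v6src, "dport": sport}


def demo_flow():
    """Client 2001:db8:1::a fetches v4only.example over the translator."""
    t = StatefulTranslator()
    dst = dns_alg_lookup("v4only.example")[0]
    out = t.v6_to_v4({"src": "2001:db8:1::a", "sport": 12345,
                      "dst": str(dst), "dport": 80})
    reply = t.v4_to_v6({"src": out["dst"], "sport": 80,
                        "dst": out["src"], "dport": out["sport"]})
    stray = t.v4_to_v6({"src": "203.0.113.9", "sport": 80,
                        "dst": str(POOL_V4), "dport": 50000})
    return out, reply, stray


if __name__ == "__main__":
    for p in demo_flow():
        print(p)
```

The dual-stack name never touches the translator because the ALG prefers the native AAAA; only IPv4-only destinations get a synthesized answer, which is why the mechanism lets an IPv6-only network reach the legacy Internet without anyone on the IPv4 side changing anything. The flip side is visible in `v4_to_v6`: an IPv4 host can only ever reach a flow the IPv6 side opened first.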

I strongly supported the idea of a non-wire-compatible IPng in order to enable improvements to IP.  At the same time, I strongly disagreed with the idea that there shouldn't be a preferred translation mechanism, ready-made, to be bolted on during the transition and then discarded like barbershop hair trimmings once IPv4 access was no longer needed.

Realistically, IPv4 is so deeply embedded in the Net now that it is going to take 10-15 years to purge most of it.  We can be sure pockets of IPv4 will be running on intranets long past that point, just as DECnet and IPX still run today, but it should be largely gone from the major backbones.

It will take at least a year and a half for the IETF to pick the approach that works best.  The IPv4 crunch will probably start to hit around the same time, as people scramble for the last addresses and prices for IPv4 space start to go up.

If you haven't taken the time to enable IPv6 in your network, please start playing with it now.  It's not that big a deal to get it working in dual-stack mode.  Once you put a globally routable address on your internal devices you get back to the Internet as it was in the old days: every node directly reachable.  That end-to-end reachability is a good thing.  It also means the address plan no longer hides your hosts, so the filtering you used to get as a side effect of IPv4 NAT has to be done deliberately, at the border or on the host.

Yes, we need IPv6-to-IPv4 translation (call it IPv6 NAT) to get the transition done.  And we may need it for a few other things like proxy servers and whatnot.  But in the end NAT should be rarely used.  And we need to close the book on IPv4.