[rhelv6-list] IPv6 adoption with RHEL6 (and GNU/Linux in general)

Leinweber, James jiml at mail.slh.wisc.edu
Wed Jan 12 18:23:27 UTC 2011


Matthias Saou:
> ... scary story about IPv4 space exhaustion...

Personally, I'm predicting the IPocalypse for 2013.  IANA runs out
of IPv4 /8's next month, most RIR's including ARIN and APNIC are
projecting to be out in H2 2011.  For APNIC "out" means only
allocating /22's, so complete exhaustion may be a ways out yet,
but customers who don't want to do lots of NAT will be out of
luck.  Here in the US the 4G phone rollouts from T-Mobile, Verizon
etc. are already dual-stack-lite, meaning IPv6-mostly.  (Native
IPv6, carrier NAT44).  Google, Facebook, and CNN are v6-enabled,
more or less.  ISOC just declared June 8th to be "world IPv6 test
day".

I figure in 2013 about 15% of the internet will be IPv6-only,
mostly in India, China, and mobile stuff.  Probably 2015 before
v6 is widespread, 2017 before it's 99% of traffic, and 2020 before
the tier-1 ISP's declare a flag day and turn off IPv4 routing.
Note that an IPv6-only router has about 1/18th the load of a
dual-stack v4+v6 router, so while there was no incentive to
deploy IPv6 historically, there is a very strong incentive to
get rid of IPv4 transit (except tunneled) once v6 is common.
I don't see the last IPv4 device disappearing until 2036 or so,
giving v4 an impressive 55 year run as a network technology.

I suggest avoiding v6 prior to Windows 7 SP1, Red Hat 6,
summer's Mac OS-X 10.7 "Lion", etc. The lesson of NANOG 42's
IPv6 hour is that dual-stack-something on new software is
the way to go; older software and v6-only would be a support
nightmare.  Note that Android and iOS are already v6-enabled,
so the smartphones will be knocking on the door of your
web servers via v6 any year now.

> ... ip6tables doesn't support NAT. 

It's worse than ip6tables: the IAB and IETF hate NAT, refuse
to define NAT66, and Really Want to return to the end-to-end
transparency of the 1980's as their v6 model. See e.g.
RFC-5902 from July 2010 for their most recent thinking.

NAT64 (e.g. draft-IVI) isn't good for much beyond HTTP,
and NAT46 is defunct (you can't fake DNS A for AAAA
servers reliably at internet scale).  So for 2012-2015 I
expect the world to belong to 6rd (tunneled v6 over v4
from your broadband modem to your ISP) and dual-stack-lite
(native v6 with carrier NAT44).  The v6 transition is going
to be like the transition from analog to digital TV: a little
messy, a lot confusing, and new subscriber equipment
all around.

NAT fans who are faced with rolling out v6 should probably
be looking at RFC-4193 unique local addresses (format
FD+40 random+16 subnet+64 host bits) to meet their
private / unroutable address needs.

None of this helps Matthias's topology dilemma, alas.  Some
of us have it easier - I currently only have 1 layer of
internal routing, so if I add v6 subnets on my firewalls,
I'm good.  I've already got my 2607:f388:1084::/48 divvied
up and routed externally, so I'm getting closer to production v6.

-- Jim Leinweber
State Laboratory of Hygiene, University of Wisconsin - Madison
<jiml at slh.wisc.edu> 2810 Walton Commons West; phone +1 608 221 6281
PGP fp: 2E36 47BC DB03 57CE 86AD  19CC 41A1 9179   5C6B C8B9
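
The RFC-4193 layout mentioned in the message above (FD + 40 random + 16 subnet + 64 host bits), worked through as an added example that is not part of the original post. It derives the 40-bit Global ID with the sample algorithm from RFC 4193 section 3.2.2 (SHA-1 over an NTP timestamp and an EUI-64); the function names are illustrative and the MAC source (`uuid.getnode()`) is an assumption.

```python
import hashlib
import ipaddress
import struct
import time
import uuid

ULA_BLOCK = ipaddress.ip_network("fc00::/7")
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def ntp_timestamp(unix_time):
    """64-bit NTP timestamp: 32-bit seconds since 1900 + 32-bit fraction."""
    seconds = int(unix_time) + NTP_EPOCH_OFFSET
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds & 0xFFFFFFFF, fraction)

def eui64_from_mac(mac48):
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe, flip the U/L bit."""
    b = mac48.to_bytes(6, "big")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def ula_prefix(ntp_time, eui64):
    """RFC 4193 sec. 3.2.2: Global ID = low 40 bits of SHA-1(time || EUI-64)."""
    global_id = hashlib.sha1(ntp_time + eui64).digest()[-5:]
    # 0xfd = fc00::/7 with the L bit set (locally assigned)
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((packed, 48))

def subnet(prefix, subnet_id):
    """Append the 16-bit subnet ID to a /48, giving one /64."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def is_ula(address):
    """True for addresses in fc00::/7, which site border filters should drop."""
    return ipaddress.ip_address(address) in ULA_BLOCK

if __name__ == "__main__":
    prefix = ula_prefix(ntp_timestamp(time.time()), eui64_from_mac(uuid.getnode()))
    print("site prefix:", prefix)
    print("subnet 0x0001:", subnet(prefix, 1))
```

Generate the /48 once per site and record it; rerunning yields a different Global ID because the timestamp changes.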






