August 2008 Archives

This week, Arbor Networks released a report on the status of IPv6 deployment. There's also a well-written blog entry on the subject by the author. They claim it is the "largest study to date on IPv6 traffic on the Internet."

The results are not encouraging.

We've known for some time that IPv6 adoption is lagging far behind where it should be. It's been well-reported that IPv6 traffic makes up a tiny fraction of total Internet traffic. But Arbor's numbers are even smaller still.

Arbor claims that less than 0.01% of Internet traffic uses IPv6:

While this number is sobering (perhaps shocking is a better word), I think Arbor's numbers are low. The study has a few issues which I think led to undercounting of IPv6 traffic. The Arbor study was heavily biased towards North American and European ISPs. Of the 98 providers in the study, only 6 were in Asia. A fair amount of IPv6 adoption is in Asia, so it seems odd to exclude that region.

Ignoring the regional issues, Arbor's report is a little confusing on the issue of native versus tunneled IPv6. They claim to have collected data on both, but their graphs only show tunneled traffic. It also claims that they have difficulties extracting data on native IPv6 due to equipment limits at participating ISPs/IXPs:

Our measurements showed a negligible amount of native IPv6 traffic. However, since we do not currently have a good estimate for the number of monitored routers in our study that are capable of exporting flow records for native IPv6 traffic, we are unable to conclude whether this is due to a true lack of native IPv6 traffic or simply due to the limitations of the network reporting infrastructure itself.

Arbor tried to adjust their figures to include native IPv6, but there are no good estimates for the ratio of native to tunneled IPv6 (and Arbor admited this in their report). I wish they had provided more detail about how many participants provided data on native IPv6. It would also have been very interesting to see the data broken down by RIR region. Hopefully this data will be forthcoming in a follow-up report.

Nevertheless, if you know where to look, you can find IPv6 usage that's higher than Arbor's findings. The Amsterdam Internet Exchange (AMS-IX) is one of the largest Internet Exchange Points (IXPs) in the world. They provide real-time, public data on IPv6 traffic:

Network traffic at the Amsterdam Internet Exchange(emphasis added)


According to AMS-IX, native IPv6 makes up 0.1% of its traffic. This is still far too small, but it's 10x greater than Arbor's value for tunneled IPv6 (0.01%). Granted, this is only one data point, but it's an encouraging one.

There are other reasons to be optimistic. If you look ad application-domain-specific statistics, you see numbers that are higher than Arbor's. If you look at DNS, for example, you see about 1% of the traffic at the root is over IPv6. Again, this number is far lower than it should be given than the IANA pool will run out in three years, but it's much higher than Arbor's numbers.

Geoff Huston, chief scientist at APNIC, reported earlier this year that 0.4% of traffic to the APNIC website is over IPv6. Again, while this number is still frighteningly small, it is orders of magnitude larger than Arbor Network's findings.

(As an aside, I never thought I'd be using these dismal numbers to defend IPv6 deployment).

Why are these numbers so low? Several reasons. First, relatively few DNS registrars accept AAAA glue, making it harder for sites to make themselves reachable over IPv6. Second, many sites are deploying IPv6 in stages. Usually they get v6 DNS
first, and only much later move on the higher-level services like HTTP. For those that do have IPv6 HTTP, I have to wonder how many of them have it on their "www" name. Neither Google or the 2008 Olympics do. Nor does freenode. Anything that requires a user to go to a different URL is going to reduce the amount of traffic it gets.

But there is reason to be optimistic. The amount of IPv6 traffic is increasing. If you go back to AMS-IX's stats, you see this for IPv6:

Year-to-date IPv6 traffic at the Amsterdam Internet Exchange


There's been quite a surge in recent months. You see similar results for DNS traffic. From the H-root:

Year-to-date IPv6 DNS traffic at the H root
Max  In: 328.2 kb/s (0.3%) Average  In: 31.2 kb/s (0.0%) Current  In: 87.1 kb/s (0.1%)
Max  Out: 618.4 kb/s (0.6%) Average  Out: 99.6 kb/s (0.1%) Current  Out: 304.6 kb/s (0.3%)


Given this recent surge, I'm still cautiously optimistic. It appears as if the recent media coverage of IPv6 has been paying off. I'm very anxious to see if this increase in traffic continues through year's-end.

Last Friday I gave a talk on IPv6 for the Penn State Mac Admins group. It was received well. Surprisingly, there were a lot of questions about IPv6 tunneling for home use. Fortunately, Apple makes it very easy to setup 6to4 tunneling -- it takes 5 mouse clicks on Apple's Airport products. The talk was mostly praiseworthy for Apple, who I think has done a really good job integrating IPv6 into most of their products.

Slides are here, if you're interested.

There's been a lot of great progress on IPv6 this summer. I'd like to highlight some recent news items:

Google

A few months ago, Google launched a preview IPv6 service. That made their search engine, maps and a few other services reachable at a special URL: http://ipv6.google.com/. They've recently expanded this service to include their cache (note the IPv6 address in the URL):

google_v6_cache_large.png

This is a good missing piece to fill in. I'm still waiting for IPv6 at www.google.com, though.

Wikipedia continues IPv6 testing

Wikipedia has been testing IPv6 throughout the summer. They've already v6-enabled several of the secondary services (mail, bug tracker, Subversion repository, etc).

Many organizations are still afraid to use IPv6 on their main web site. There's a lot of FUD and myth that IPv6 will break clients and drive away visitors. Wikimedia is empirically testing these claims. The preliminary results look encouraging -- less than 1% of their test clients show problems.

.org

The .org domain just announced that it will accept IPv6 records. They've had AAAA glue in the DNS root for a while, but until this week they didn't allow .org's to have AAAA glue. This is really great news. 70% of the top-level domains have IPv6 glue in the root, but not many of them accept AAAA glue themselves.

nmap

nmap, the venerable port-scanning tool, now includes IPv6 support in its Windows version. This is great for security conscious sysadmins who want to test their systems.

Some admins think they're safe from port-scanning because IPv6 subnets are so big (18 million million addresses per subnet). This just isn't true. There are many ways for an attacker to reduce this search space. I highly recommend reading RFC 5157 for guidance on IPv6 port scanning.

Huge surge in IPv6 DNS traffic

In February, 2008, the DNS root enabled IPv6 transport. During spring 2008, IPv6 traffic at the root was relatively flat. But starting in late June, IPv6 traffic has steadily increased, and is now nearly four times higher than the spring average:

h2_6-year.png

Independently, there has been a significant increase in AAAA queries. At one of the largest ISPs in Japan, almost 20% of the DNS traffic is IPv6-related:

aaaa_queries_over_time.png

I took the graph from a presentation at the 2008 DNS Operations Workshop.