January 2011 Archives

Earlier today, the Asia-Pacific registry got the last two blocks in the central IPv4

The IANA has been sitting on five /8s (one per regional registry), and these will be handed out (along with the fragments from the legacy class B space), one to each registry. The IANA IPv4 registry doesn't yet reflect this.

This is the first milestone in IPv4 depletion. The regional registries will start to run out later this year. Most likely, Asia-Pacific will run out first, followed by Europe, then North America. The South American and African registries will last longer, as there's much less demand for IPv4 addresses in those regions.

The Asia-Pacific registry estimates it will run out of IPv4 by the end of this summer.

It was fun while it lasted.

As I'm sure you've heard by now, June 8, 2011 is World IPv6 Day. On that day, several major content providers will turn on IPv6 on their public-facing services for a 24-hour period and see what happens. For some time, there's been concern that turning on IPv6 on a web site's main URL (e.g., www.foo.com) would cause unacceptable levels of breakage (see, for example, slide 6 of this talk by Google at RIPE 57).

Nevertheless, forward-looking organizations realized that they needed to start deploying IPv6. They did this by putting IPv6 at a different URL (such as ipv6.google.com or www.v6.facebook.com), or by whitelisting approved domains for IPv6 access. These approaches let them get operational experience with IPv6 without impacting the vast majority of IPv4-only users (currently estimated at over 99% of the Internet). Nevertheless, URL tricks and whitelisting aren't scalable, long-term solutions, and there's a desire to see what would happen if we lit up IPv6 for real. Some sites have bitten the bullet and turned on IPv6 on their main site, with few problems. Others are more timid and want a limited-scope trial. Hence, IPv6 Day.

I'm certainly in favor of this, but the timing concerns me. The IANA IPv4 pool (the central pool of IPv4 addresses) is due to run out any day now, but IPv6 Day isn't for another six months. So, we'll end up doing out first large-scale production test of IPv6 after the first milestone of IPv4 depletion. This concerns me. The IT industry as a whole has dragged its feet with IPv6 for over a decade. Further delay seems ill-advised. I'm also worried that sites will turn off IPv6 at the end of the day. At the point, we should be leaving IPv6 enabled everywhere we can, unless there's a major problem. I hope that the hard work of many organizations leading up to IPv6 Day will mitigate most of the problems, and that we can use the results as reason to turn IPv6 on and leave it on.

Nevertheless, I give kudos to sites like Yahoo for stepping up and participating, even if it means some short-term breakage. The need to deploy IPv6 is too urgent to let fears of short-term problems paralyze us. I hope other sites with IPv6 pilots participate, like CNN and Wikipedia.

Penn State readers, consider this my public call to you to enable IPv6 on your services. Our internal audits reveal high levels of IPv6 support in several major services. Several highly visible services could be IPv6-enabled very easily (by slapping v6 addresses on a few load-balancers). Network admins should also deploy IPv6 to client machines, to increase the audience for IPv6-accessible content (it will also help reduce breakage from user-created IPv6 tunnels). There's no reason, other than willpower, why PSU can't participate in IPv6 Day.

I walked into Penn State's Computer Store today to ogle a Macbook Air. Out of habit, I opened Terminal and ran ifconfig. The box had an 6to4 IPv6 address from a rogue router somewhere in the HUB (probably someone's Windows laptop running Internet Connection Sharing). Fortunately, I was still able to get to various IPv6 sites, but we really need to fix this. I know we're doing a better job policing this in the dorms, but I'm seeing more and more of this stuff on the wireless networks across campus.

IPv6 is on our networks whether we put it there or not. Let's step up, treat it as a production service, and deploy native IPv6 rather than let unsuspecting students and staff do it for us with tunnels.

And, no, I didn't buy the shiny laptop. Even if it is really svelte.