I want IPv6!

I want IPv6. I want it now. I want it for all my servers. I want it for my Cable connection. I want it for my DSL. I want it for my Phone. Hear me? I want IPv6!

However I cannot get ist. Why? Because nobody cares!

2008-03-16 It already is too late!

For starting my tests I need IPv6. I need them last year. This is because I need IPv6 for at least 2 years to be able to start using them. This does not mean, that I am ready to use IPv6 in two years, this only means, that I am ready to start using them.

Afterwards it will take 4 years to move my services to IPv6.

Here are some of my problems why I cannot use IPv6 so quickly:

  • I have a lot of IPv4-only-Equipment. For it I must install IPv6 Proxy services.
  • I have a lot of Machines which are capable of IPv6, however it is not compiled into the Kernel. Also note that the uptime of my machines often reaches 2 years so there is no room to "just do a reboot". There simply is none.
  • I have a Server Infrastructure which must be moved to IPv6 first to be able to bind it with IPv6.
  • All my DNS-Servers (this are 4 in 4 different places) must start to talk IPv6 first.
  • Afterwards I have to edit zillion of zones and must move zillion of services to the new addresses.
So I, the user, need 6 years to migrate. How many years do you think IPv4 will still last such that you can wait to give me IPv6 and give me 6 years to get used to it? If you think, I can do more quickly, then why did you already needed 8 years (IPv6 was ready already in the last millennium) to do nothing? If you think, I can do more quickly, then please prove that you can do more quickly as well! Do not expect that others are quicker than you.

You are the ISP, you are the professional! Your customers are not the professionals, so you must expect that they need considerably more time than you to get it running!

Also do not think that if you start deploying IPv6 that your customers are quicker than you in accepting IPv6 as well. IPv6 is ready to be deployed since 2000 on ISP level. It take for you 8 years (probably even longer) to recognize the demand for IPv6. So if you are honest you must give your customers at least the time you needed to become aware of IPv6!

If you act today, do not expect IPv6 to reach your customers before 2016. Note that this is 2 years after IPv4 addresses are used up. So it is too late, already. You, the ISP, must hurry up, else nobody ever will reach the goal.

Perhaps some people out there know, that the Internet will not reach 2015? This is the only explanation I can think of why nobody supports IPv6 today.

Why move all?

Well, there is a problem, explained by DJB in The IPv6 mess. The problem is:

If a single machine is IPv4 only, an IPv6-only-machine cannot talk to this machine. And vice versa. This looks like an Dilemma, but it must not be any.

However there is nobody out there defining a transition. This is why people are not interested in IPv6. And this is why ISPs do not provide you with IPv6 even that you perhaps want them.

There simply is no IPv6 today for normal people.

They think they can start at the top (the major backbones already talk IPv6 to each other), then go down to the major ISPs, go down to the smaller ISPs, go down to the Server people and then deploy IPv6 to the common people.

However this claim is false. This will end in a Catastrophe, we will get a split of people already connected to IPv6 and all those others not connected to IPv6. Europe, America and China then can continue to talk together, however all those underdeveloped countries with less budget than a smaller American company will not be able to keep up the pace.

People in underdeveloped countries will effectively go offline for a decade until they are able to talk IPv6.

This does not mean, that those cannot take part of the Internet. No, they can. However they only can do this on the IPv4 layer. However development will continue in the IPv6 layer and more and more new services will start to be IPv6 only. Old IPv4 services will vanish, too, so the situation for IPv4 people will get more and more worse until they will have nearly no connection anymore.

Companies like Google are not the solution. You can provide proxy web access to others, right. But the Internet is far more than only the WWW. People chat, exchange information, try out new protocols each day and share experience. All IPv4-only people will be cut off this sources. And this is bad. I firmly say no to such an arrogance!

The solution is simple

Turn it round. Do not start to deploy IPv6 at the top layer. Start with it at the bottom. Start with the people.

I demand from all ISPs to offer IPv6 to their customers NOW.

This would be an easy task:

  • Hand them out an IPv6 besides their IPv4 if they want it.
  • Give them one single dynamic IPv6. For the beginning this shall be the same as the IPv4 address.
  • Additionally(!) give them a complete IPv6 prefix. At least a /96, better a /80 or even best a full /64, such that all technically experienced people can start to use auto-discovery based on the MAC layer.
  • Create a NAT service at your border routers for them. This is twofold:
    • First, this allows you to deploy IPv6 even that you are not yet IPv6 interconnected. Your customers then can reach all IPv4, and can talk to each other with IPv6. As soon as demand starts to interconnect IPv6 you can talk to your peers or find an IPv6 tunnel to other networks (like 6bone).
    • Second, this allows your customers to seamlessly access IPv4 servers, just by using your NAT service. This way they might even start to not need IPv4, so you get free IPv4 resources back, as your IPv6 is a 90% replacement for IPv4. Most of your customers will accept the restriction that they are behind a NAT then if they talk to IPv4 systems.
  • Customers who need to be reachable from the Internet you can give a fixed IPv4-IPv6 mapping, such that they get assigned a natted IPv4 when they need it and while they are in the session. This still reduces your IPv4 demand, as most customers will not need this. Note that one customer is only eligible for one IPv4, not more. Perhaps the customer also only gets a port range, such that several customers can share one single IP. And with UPnP this will even save more, and be more easy for your customers as well.
There is already everything you need. You only have to utilize it.

This way suddenly a broad number of users will be there, ready for you to use IPv6. Now you can start to make up peerings. Also server operators start to become interested to support those "poor IPv6 people behind a NAT", by deploying IPv6 on their servers, too.

This is the way to go. To start this process, each individual ISP must start with it. Do not wait for others. Support IPv6. Support it now!

Get a RIPE IPv6 block. Hand the IPs out to your customers. Create a small NAT farm which works as the default route of all IPv6 traffic which has no other route. This can be done by policy routing in a Cisco, and this works in fast switching on your border routers (provided you are a default free zone). On this NAT farm try to solve IPv6-IPv4 issues or tunneling to other IPv6 networks.

What is the NAT farm?

Well, it's easy. Go to your local grocery. Buy 5 PCs. And you need a small cheap switch (x5). Put in a second networking card into each machine. Install Linux on them. And you are nearly done. This does cost you less than 5000$, some room, plus energy. If you cannot afford this as an ISP, you perhaps are doing something wrong.

All 5 are a Farm, that is, they work redundantly to do the NAT/Tunnel stuff. One of the PCs acts as a load balancer, which is the "next hop" for your border gateways. The machine which acts as this is chosen by heartbeat and failover. It just transports the packets from the outside via the second card to the other machines which then process the packets and feed them out on their primary interface again to the destination. So no complex setup on any machine, everything is straight forward.

In case something fails either the load balancer moves the traffic from the machine, or if the load balancer is hit, there will be a takeover by another machine. That is why there are 5. You only need 4, moreover only 3 machines would do, but you want this method to scale, right? (And BTW when the switch fails: Either put in a third networking card, or design the service such that it is able to route via the external interface, or, best, have a complete replacement of this NAT farm hot active, so you need 10 cheap PCs).

It's a shoot and forget setup. Just do it once and if it is done correctly, it will be running the next years without additional effort. And it scales. You can easily look at the load and extend this platform. Remember: The more users are using this NAT farm, the better IPv6 is deployed! So do not be afraid, it is easy to manage and nearly free of risks.

Summary

An IPv6-only machine is not able to talk to an IPv4-only machine and vice versa. So there is a fundamental lack in design of IPv6 in that IPv6 is not downward compatible. It works only if the IPv6 machine has an IPv4 address. But this would be of no help.

So if you as the user get an IPv6 address which is not out of the IPv4 pool, your are locked out from the "ordinary Internet" as of today. All you can talk to are those few IPv6 ready machines which can be directly reached by IPv6. Remember: If both are IPv6 but for some reason there is no route fully supporting IPv6 you cannot even talk to this other IPv6 machine, too!

There is missing a link between IPv4 and IPv6, such that you can use IPv6 without an IPv4 address to talk to IPv4 addresses.

So if any IPv6 host cannot reach the destination because there is no route for the destination or there must be a protocol change to IPv4, the default must be to route the data to something, which magically forwards the request to the destination. Either it transforms this down to IPv4 (note that you cannot use IPv6 features with IPv4 destinations anyway) or it tunnels to some intermediate router which is able to reach the destination.

This slow and CPU insensitive process must not be done on border routers. The easiest way to support it is to add an IPv6 default route to an intermediate box which then do all needed transformation to reach the destination. And such a route is best added in a default free zone.

As shown the effort to create such an intermediate box is low. The rest will show up (how to find the tunnels, etc.). For starters there only will be a NAT service to IPv4, such that this NAT device only needs IPv4, not the customer. However this already makes IPv6 usable at the user side.

Conclusion

Well, this sounds like an experiment you might say. Well, yes, of course! IPv6 alone is an experiment already. The complete Internet is an experiment. Back in the old days, when there were no big Internet companies like Yahoo or Google, everything started out of an experiment. Yahoo was an experiment, too. Google does experiments each day! If you are afraid of experiments in your Internet business, you are doing something wrong! Internet is for experiments, it does not support stable business rules and never will.

So if you think you are a serious ISP, you must support IPv6. You must support it today. You should already support it for a long time. If you do not, you are perhaps operating a serious business, but you are then not supporting the Internet. You are exploiting the Internet for your own good. This means, you harm others (i. E. you harm your customers by not supporting IPv6). You are then evil.

Be no evil. 'nuff said.

-Tino, 2008-03-16