|
After hearing over 350 presentations on IPv6 from IPv6-related events in the US (seven of them), China, Spain, Japan, and Australia, and having had over 3,000 discussions about IPv6 with over a thousand well-informed people in the IPv6 community, I have come to the conclusion that all parties, particularly the press, have done a terrible job of informing people about the bigger picture of IPv6, over the last decade, and that we need to achieve a new consensus that doesn’t include so much common wisdom that is simply mythical. There are many others in a position to do this exercise better than I can, and I invite them to make a better list than mine, which follows.
1. Myth: There is no need for IPv6.
Truth: There are more needs for IPv6 than almost any one person can imagine, as was true of all major information technology advances, because the true potential of IPv6 will be realized by billions of people, places and things being connected - which will change many societies, and will be used for decades.
It is true that there is no need for IPv6 in the U.S. based on an IPv4 address shortage, and the obsessive, almost maniacal, focus on this in what little the press says about IPv6 has led to a very sterile discussion that rarely seems to go on to new, more vital topics. Of the 4.3 billion possible IPv4 addresses, between 30 and 70%, depending on whom you speak with, are still available, and there are over 1 billion stockpiled by government agencies and companies that have indicated they would be moving to IPv6, and therefore don’t actually need those addresses, and could theoretically sell, trade, or donate them.
2. Myth: IPv4 works well enough. Everything that can be done in v6 can be done with v4.
Truth: IPv4 lacks authentication and Quality of Service, as well as the Flow label. The curious who spend a few days with a hacker, or read about what Google is coming up with, can see that they can steal products, services, movies, music, and even identities with the existing Internet. They can anonymously solicit children to have sex, disrupt corporate businesses, and waste the time of 100 million people by sending spam that they pretend is from another person’s website. I’m sorry, but if you think IPv4 does everything it needs to, it may be because your expectations are too low. While some claim that IPv6 has no security advantages over IPv4, they are usually referring to special or hybrid networks, which use encryption, encapsulation, or tunneling to kluge the two together. This is as unfair a comparison as an older one that put IPv3 together with IPv4 and tested that combination, and then said there was no advantage to IPv4. For a true test by the U.S. federal government of v6 advantages we need more IPv6-native applications, and we need to include in the comparison with v4 the potential for Network Address Translation (NAT)-enabled IPv4 networks with internal adversaries (because NATs don’t adequately protect the addresses behind them).
3. Myth: The market will take care of IPv6, if IPv6 is useful.
Truth: No company can set the standards for the entire world—even if it wanted to—which is what is necessary to build a new Internet. The net present value of the entire world is over $360 trillion dollars, while the greatest corporate market cap in history was about $600 billion. The Gross Global Product is about $40 trillion (with variation due to currency fluctuations), but the largest companies do only about $250 billion, and they are subject to thousands of rules, laws, regulations, lawyers, and potential lawsuits. The U.S. government, with a $2.6 trillion annual budget, is the only entity with sufficient gravity to serve as a unifying force for a global infrastructure that will touch over 200 countries, thousands of industries, and a world with 100 million companies.
4. Myth: No, really, the market will take care of IPv6! The Dept. of Commerce says so!
Truth: The Dept. of Commerce study allowed companies to make their case. Companies like Cisco, Juniper, Lockheed Martin and a few telcos and ISPs said, “We can handle IPv6 ourselves.” Well, yes, they can implement it in their own networks and put it into their products. However, they can’t make sure that the IPSec or authentication or QoS conventions that are used by the DoD or police or sheriffs or EMT are all either the same or at least interoperable. They can’t work with NATO or the European Union to use the same standards for the next two decades. They can’t negotiate setting procurement policy for governments. They can’t give unbiased training and advice or comparative test bed results for all of their competitors. They can’t pledge, “We will never patent, trademark or copyright anything, and we will never try to leverage or file suit over our existing patent portfolios. We will never stop selling or supporting a product as long as the American government might need it, even if the government doesn’t pay us enough for that to make a profit.” Companies have a legal, fiduciary obligation to make money for their shareholders, while following laws that change and sometimes conflict with each other from state to state and country to country, and sometimes they go chapter 11 or 7, and sometimes they get acquired. Companies are prohibited under anti-trust legislation from colluding, and collusion, by another name, is a synonym for “mutually agreeing on standards.”
5. Myth: The U.S. federal government has a vision, mission, and a plan for IPv6.
Truth: Only Japan, Korea, and China have a vision, mission, and plan for their countries. Everyone else is floundering around in various states of disorganization, with various people doing various things in uncoordinated fashion. There is nothing even close to a U.S. Federal IPv6 Transition Office, though there should be.
6. Myth: The Dept. of Defense will be implementing IPv6 by 2008, and the DoD invented the Internet, so it’s going to happen just like last time around.
Truth: The 2008 date has become somewhat tenuous, nor does the entity that made the mandate, the Office of the Secretary of Defense, have the mandate or resources to fight with all the other government branches to get them to implement IPv6. An easy way to see the level of priority is to note that spending on IPv6 since the mandate has amounted to about $10 million out of over $1 trillion, or 1/100,000th of the military budget, or one-thousandth of one percent. The percentage is even less impressive, if that’s the word, if we compare it to total federal spending since the mandate, around $4.5 trillion.
The first Internet transition was led by Dr. Larry Roberts (the founder of six companies that have advanced the Internet industry, including Telnet, which became Sprint), on behalf of DARPA, which I consider to be the greatest agency in U.S. history, because it accounts for 1/3rd to 1/2 of all IT advances that underpin the current IT industry. Dr. Roberts had “air support” from then-Secretary of Defense Robert McNamara. The current Internet transition is led by DISA, which has neither the heritage nor the “elbow room” of the 1970’s-era DARPA, an R & D shop filled with visionaries and dreamers - which also didn’t have the day to day responsibility of running one of the world’s largest critical communications networks.
This is not to say that DARPA is perfect, but rather that it took an extraordinary agency with an extraordinary director, backed by the most technocratic SecDef ever, with active Congressional involvement and with hundreds of researchers all sharing their computers, papers, software, and insights freely to make the first Internet work. Even then, it still took over 20 years to get from the ARPAnet to the commercial Internet. Part of the reason things took so long is that the DoD made the wrong bet and abandoned TCP/IP leadership for over a decade, and time passed by until another extraordinary director, Prof. Larry Smarr, then at National Center for Supercomputing Applications, tasked his students with creating Apache and Mosaic, which became the basis for current web servers and web browsers. Thus, the DoD can’t be counted on to stick with the New Internet until it’s a commercial success, and the last Internet was created out of lucky accidents where the right director was able to run his own show without interference, and there was a fortuitous combination of timing, Congressional support and willingness to abandon legacy systems.
In short, everything that went right with the last Internet isn’t happening this time around. Expecting the same results (Internet leadership and all the benefits arising from that), with less than even a half-hearted replica of the support, cooperation and involvement that the first Internet received, is doomed to failure and frustration.
7. Myth: Federal agencies are taking IPv6 into consideration already.
Truth: Two different studies, one by the U.S. Government Accountability Office and one by Juniper, both found that fewer than 10% of the federal IT people interviewed had any knowledge of what IPv6 could do as well as a plan to utilize IPv6. The last diagram of the GAO report has little circles that are filled in when each of the top 25 or so agencies that make up the bulk of spending had something accomplished with IPv6. It’s almost entirely blank. The GAO report has not been challenged—no one is claiming to have been treated unfairly.
8. Myth: Federal agencies don’t need to know about IPv6 yet. It doesn’t matter.
Truth: IPv6 is already included in virtually all routers and operating systems (with service pack upgrades for MS Windows), and IPv6 has features including neighbor-discovery (and “neighbor” can be across the country if it’s close in a network sense) and stateless auto-configuration. In other words, a hacker could wake up the IPv6 capabilities in one workstation, server, or router, which could then turn IPv6 functionality on in hundreds, possibly thousands of other machines. And here’s the surprise: almost none of these system have IPv6-specific firewalls in place. As far as I know (please correct me by writing me at [email protected]) there is as yet no officially tested and approved IPv6 firewall for classified information.
9. Myth: Classified networks require air gap separation between them and non-classified networks, so if they aren’t hardwired together, there shouldn’t be a problem.
Truth: Not everyone follows this policy, and people who have breaches of classified information safekeeping may not report this in a timely way, or at all. Moreover, IPv6 auto-configuration can be accomplished over wireless connections. IPv6 has advantages over IPv4 for wireless that have not been fully tested in large scale scenarios, though Germany and Japan are way ahead of the U.S. in this area, but haven’t published their data in English, and no one has asked for a translation. Air gap separation is not by itself enough protection. To be scary about it, classified information might be stolen by foreign agents, with U.S. defense workers not versed in IPv6 being none the wiser.
10. Myth: OK, so what’s the problem if hackers use IPv6 to access confidential or classified information? If no one has IPv6 plans, then I can’t be held responsible.
Truth: You can go to jail and lose your job for not securing your employer’s or sponsor’s data, whether by intent or negligence - there are times when ignorance is definitely not bliss. There are numerous federal statutes that require keeping classified, or even private, data confidential, for example:
Executive Order 12356
Section 5.4 Sanctions
- (1) knowingly, willfully, or negligently disclose to unauthorized persons information properly classified under this Order or predecessor orders;
- (c) Sanctions may include reprimand, suspension without pay, removal, termination of classification authority, loss or denial of access to classified information, or other sanctions in accordance with applicable law and agency regulation.
11. Myth: The U.S. is not behind Japan or other countries. All they’ve done is put IPv6 in some buildings, dorm rooms, and taxis. Big deal.
Truth: No, those examples are just what Japan’s IPv6 Promotion Council shows because it has authorization to show these examples, and they were part of university studies, such as WIDE or KAME. In fact, there are over 370 companies implementing IPv6 into their operations in Japan alone, with probably about half this number in South Korea and China combined, compared to perhaps just 60 companies in the U.S. Virtually all of the IPv6 implementations and applications that will bring competitive advantage are kept secret, and, unless our intelligence agencies are re-tasked to report on these, no one in the U.S. will know about them until it’s too late to catch up. (Unless we actually come up with something to share on IPv6, and get into the loop).
12. Myth: No one is keeping track of who is leading in IPv6.
Truth: The laggards don’t keep track, and the U.S. is an IPv6 laggard. The leading nations do keep track. Here is a short article that has been widely linked to, which I received in my email box a few minutes ago:
“Korea Owns World’s Third Largest IPv6 Address Space
Sunday, 12 June 2005
Korea became the nation with world’s third largest Ipv6 address space, following Germany and EU. The nation is the first in Asia-Pacific region.The Ministry of Information and Communication (MIC) and the National Internet Development Agency of Korea (NIDA) said on Sunday that they secured /20 Ipv6 addresses through APNIC, Asia-Pacific Network Information Center.
The Ipv6 addresses Korea gained can give thousands of trillions IP addresses to every single people on the planet.
The MIC said, “Securing Internet resources such as Ipv6 space is the very fundamental infrastructure that can be compared to building highways during industrial era. We would guarantee stable supply of Ipv6 in order to realize a U(ubiquitous)-Korea.”
Note that the U.S. isn’t even worth mentioning—it’s not in the IPv6 all-star arena.
13. Myth: The U.S. government doesn’t have a good track record in leading technology
Truth: The U.S. federal government has an excellent track record at leading both technology and infrastructure, and especially technology infrastructure. When the U.S. federal government has gotten involved, the U.S. became a world leader for decades, as with the postal system, weights and measures (until the 1970’s, with the metric system failure), currency, canals, railroads, telephony, radar, Black and White television manufacture and broadcast, radar, satellites, interstate highways, airports, space launch, the Internet, the integrated circuit, night vision, precision guided munitions, and body armor. In those area where the U.S. federal government didn’t get involved as a leader, the U.S. failed to lead, as with 2G, 2.5G, 3G (and soon 4G) mobile telephony, color television, smart cards, and, soon, stem cell research.
14. Myth: IPv6 doesn’t impact the economy or international trade in any significant way.
Truth: The US is in big trouble, based on trade statistics, and whether we lead in IPv6 will make a profound difference to thousands of industries and to changes in our balance of trade. For most of the 20th Century the US was a net exporter in virtually every category. Since Nixon, we’ve been mostly a net importer of goods. Since Reagan, we’ve been a net importer of capital. Since President George W. Bush’s first term, we’ve been a net importer of technology, and since his second term, we’ve become a net importer of food. We have long been a net importer of both people and labor. That leaves us with only three things we are net exporters of: services, data, and media (TV, games, movies, and Internet-based content). IPv6 will have a profound impact on broadband, telcos, ISPs, movie studios, and international trade in services, data, and media. Look at what Sean Fanning’s Napster and DSL did to the music industry. IPv6 will be an enabling technology to the unwary that could make the U.S. a net importer of services and data, while making media a no-profit zone due to Intellectual Property Rights (IRM) copying violations.
15. Myth: US companies are always the leaders in technology.
Truth: NTT Communications handles more IPv6 traffic and has more IPv6 customers than all US ISPs and telcos combined. It is running television ads for consumers to advertise for IPv6. No U.S. company has ever prominently featured IPv6 in major advertisements to date.
16. Myth: China is a third world country, and their use of IPv6 is irrelevant.
Truth: Some have estimated that about half of China’s GDP growth (about $125 billion a year) is based on purloined media and stolen technology and reverse engineering, the first emerging superpower whose growth is based primarily on theft of intellectual property (though the U.S. was also prone to steal copyrights in the 1800’s!), as well as just plain copying. If China has IPv6 leadership, they will be even better pirates (as well as legitimate competitors) than they are today, and no U.S. industry is safely “off limits” to pirates, hackers, industrial spies, and even saboteurs.
17. Myth: If the U.S. federal government spends money on the Internet, it benefits everyone, and the U.S. doesn’t get any special advantage, or return on investment.
Truth: The US federal government spent about $50 million on the IPv4 Internet, and gets about $500 billion a year in extra revenue due to the extra growth engendered by Internet-related activity in our $12 trillion economy. It’s fair to say that the U.S. federal government gets a million per cent return on its investment in the Internet. There is also the fact that half the world’s present IP traffic goes through the U.S. (which also has half of the world’s major ISPs). Half of the U.S. traffic (and thus a 1/4th of the world’s) goes through Northern Virginia, where the ISPs are major suppliers to the U.S. federal government (only the DoD has its own network, out of 150 or so federal agencies); this level of trade and traffic generates significant clout for the IT industry. U.S. Senator George Allen (R-VA), for instance, has been a leader in the battle for a tax moratorium on the Internet, which has helped the U.S. maintain IPv4 leadership. Thus, the U.S. government and the ISP industry, as well as data-centric telcos like MCI and wireless providers like Nextel, all benefit from the industry cluster.
In return for outspending the rest of the world’s federal governments100 to 1 in the first decade of the original Internet, the U.S. got half the Internet industry for the first decade of its commercialization. However, the U.S. federal government is now being outspent 100 to 1 by other federal governments on the New Internet (about $800 million to $8 million, by my calculation). Americans can thus forget about having the same relative position in the first decade of the upcoming IPv6 commercialization boom. Instead of 50%, we will have less than 25%, perhaps as little as 10%, of a market that will be much bigger than that created by the first Internet. The U.S. Internet industry might even grow somewhat in absolute terms, but it will shrink from a cat to a kitten relative to the rest of the world.
18. Myth: IPv6 doesn’t impact the lives of ordinary people or “Joe Six Pack.”
Truth: Joe Six Pack needs to either have a job, or get taken care of by state government or the federal government. The U.S. federal government got a $500 billion windfall during the 1990’s in increased revenue due in large part to economic growth that was due more to the Internet than any other factor. A loss of Internet leadership could cause a surprisingly large loss of both corporate jobs and of federal and state revenues, even as millions of immigrants come into the U.S., putting millions of Joe Six Packs into a position where they can’t pay their mortgages on their homes, just as many large companies go to court to try to shed their pension fund responsibilities.
19. Myth: IPv6 is already completed, so the U.S. government has nothing to say.
Truth: IPv6 is about 10 to 20% finished, and there are over 100 hundred RFCs (Requests for Comment) at the IETF, along with helpful suggestions on how to “fix” problems or improve IPv6. According to the co-chair of the IPv6 Working Group, “I can count on one hand the number of times anyone associated with the U.S. government gave any input to discussions on IPv6,” compared to, “I need the hands of everyone in my building for all the times vendors gave input.” Even now there are discussions and decisions leading to how IPv6 will be used in very low-power and low-bandwidth wireless networks, which will impact how data is taken from billions of sensors to be purchased by the U.S. government over decades to come, and there is no U.S. government input at all.
20. Myth: IPv6 is boring. Even the name is boring, and hard to remember.
Truth: While reading RFCs is something only Internet experts gain pleasure from, there are many aspects of IPv6 that can be learned quickly and painlessly by programmers, manufacturers, designers, network planners, even CIOs and elected officials, so that they can do their jobs better. IPv6 is not a friendly name, which is why it is also called The New Internet, which is easy to remember, and just needs to become a more standardized reference for the protocol, rather than being used to describe new applications that use IPv4, which, at 32, can fairly be called the Old Internet, since that’s longer than the life spans of most things, other than wealthy humans, elephants, whales, viruses and microorganisms.
***
If you have your own myths, or corrections or disagreements with any of mine, please send them to me at [email protected], and we’ll create and update a myths section on our website. We offer free subscriptions to our monthly IPv6 newsletter, 6Sense.
Sponsored byCSC
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byVerisign
Obviously no bias in the viewpoints expressed in this article, right? Right….
- fergie
I’m all for the deployment of IPv6, but I don’t think the spread of technical misinformation under the banner of “truth” helps the cause at all.
The idea that IPv6 will somehow protect the world from file sharing, fraud and child pornography is just laughable.
In your point #2 you say that IPv6 lacks QoS - I’ve stared at a lot of IPv4 packets, and every one of ‘em contains an 8-bit type-of-service/quality-of-service field. So I would not agree that IPv4 entirely lacks QoS hooks.
You did not mention the appearance of NATs - these have significantly reduced the pressure for allocations of public address space.
You started losing me with point number two, Aside from the fact that you used “stealing” where you meant “unauthorised reproduction” (a bit of double-speak that I really hate, but can overlook), you also intimate that IPv6 vs IPv4 has anything to do with the possibility of mail spoofing (“sending spam they pretend is from another person’s website”) and such like. It appears you are trying to manufacture truth here, as opposed to describe some actual state of affairs.
Point 2 is the farthest stretch in your entire article.
Point 20 - I dare any techie or sysadmin to say “I’m deploying The New Internet network in our company.” It’s all very well to want to brand everything, but get real - IPv6 = The New Internet? This is as bad as people who confuse the Internet with the web.
Appreciate your zeal to deploy IPv6. Less FUD, please.
I’m not an expert, but I am very interested in anything that will help stop forgery and spam. As I understand it, however, the authentication header in an IPv6 packet is intended for a very different kind of authentication. This header is meant to carry a short piece of encrypted data that the receiver can use if he has the sender’s secret key. This might be appropriate for military communications, but not for email between unrelated parties. According to RFC-2402 it is *possible* to include a signature in the authentication header, but “performance and space considerations currently preclude use of such algorithms”.
It seems to me there is a fundamental flaw here in trying to provide “application layer” authentication at the level of IP packets. It will be much more efficient to provide signatures and other authentication data once, for example at the start of an email session, and not load every packet with this big chuck of data. So with regard to email security it seems to me that IPv4 and IPv6 are equally irrelevant.
This is not a criticism of IPv6, just a statement of my understanding that it won’t help with the email forgery problem. I welcome any clarifications from experts.