Sign in with
Sign up | Sign in

IPv6 Adoption Grows by 1,900%, Says Internet Census

By - Source: Infoblox | B 26 comments

We may not reach the Dead End on the Internet after all if Go Daddy continues to push IPv6 like a mad salesman.

While it may appear that the Internet is evolving at a snail's pace, an IPv6 Census conducted by the Measurement Factory claims otherwise. In fact, it seems that Go Daddy is the sole registrar behind a 1,900-percent surge in support for IPv6 in zones under .com, .net and .org over the last 12 months. Go Daddy is an Internet domain registrar and Web hosting company that also sells e-business related software and services.

"Go Daddy’s adoption of IPv6 illustrates how a single large registrar can have substantial influence on global IPv6 adoption," census sponsor Infoblox said in a press release.

IPv6 is the successor of IPv4 (Internet Protocol version 4), the latter of which allows only 32 bits for an IP address, thus is limited to just 4,294,967,296 possible addresses. The rapid growth rate of the expanding Internet has exhausted IPv4's supply and is now pushing for the use of IPv6 which uses 128-bit addresses, allowing for a theoretical 340 undecillion Internet addresses. In other words, we may reach a dead end on the Internet if everyone doesn't jump on board the IPv6 bandwagon.

"If your external presence only supports IPv4, then the only devices that can communicate with you will be those with IPv4 addresses," says Cricket Liu, General Manager of the Infoblox IPv6 Center of Excellence. "To the growing population of pure IPv6 devices, you’re invisible. We can’t ignore the emerging competitive advantages of IPv6, but we also don’t need to adopt IPv6 in one great, costly leap. Focus first on providing IPv6 to the outside world and then work inward in stages. Do this and IPv6 deployment will be relatively painless and prove to be a valuable long-term investment for business growth."

According to the census, the percentage of zones under .com, .net and .org that support IPv6 jumped from 1.27-percent in 2010 to 25.4-percent in 2011. Besides Go Daddy's huge contribution, the percentage of zones that support IPv6 increased "organically" more than two-fold over the previous year to over 3-percent. The census also reports that the three countries in IPv6 adoption are France, the U.S. and the Czech Republic.

"A significant percentage of businesses run on the registrars’ networks, relying on the registrars’ systems for email and a web presence, which don’t predominantly support IPv6 yet," Infoblox reports. "If the registrars added IPv6 support for email and web servers, a significant impediment to those businesses’ enabling IPv6 would be removed and adoption gains could jump. If a registrar isn’t supporting IPv6, it creates a serious obstacle to any business wanting to implement IPv6 for its external content."

To learn more about IPv6 enablement, myths and best practices, the Infoblox IPv6 Center of Excellence offers video tutorials, free trial software, white papers and transition tools. Infoblox also will be hosting a "Best Practices for IPv6" webinar for enterprise IT professionals on Dec. 1, 2011.

Display 26 Comments.
This thread is closed for comments
Top Comments
  • 12 Hide
    memadmax , November 22, 2011 1:07 AM
    I just wish that IPv6 was more user-friendly.
    IPv4 was pretty good in terms of human understanding, if you knew what the groupings stood for.
Other Comments
  • 12 Hide
    memadmax , November 22, 2011 1:07 AM
    I just wish that IPv6 was more user-friendly.
    IPv4 was pretty good in terms of human understanding, if you knew what the groupings stood for.
  • 0 Hide
    Stardude82 , November 22, 2011 1:20 AM
    Go Daddy is the biggest internet registrar by far. I think it's like half the market. It should be able single candidly force IPv6 adoption.
  • 8 Hide
    LuckyDucky7 , November 22, 2011 2:57 AM
    One question: Why are we promoting such a flawed system?

    There's a couple reasons why people haven't adopted IPv6 and why we should really just be pushing for a better standard.
    The people who made IPv6 have refused time and time again to change the protocol- which is flawed for the following reasons:

    -No NAT and different networking
    Consider every computer having a unique IP address. With the advent of IPv6, this is now possible.

    Now, let's think about the implications for security here. Sure, there aren't any NAT concerns to worry about, but the computers in any area are at the mercy not of a company's numbering system but of a system outside of their control.

    You can't "wall off" a section of IP addresses like you could in IPv4- for private use this was great, as you could guarantee that any computer inside your network would get a uniform address. But IPv6 changes that.

    And what if you want to bring a device into the network with a different hardware set? Its IP address will be completely different than the ones your network uses itself.

    Now that that's gone, it's impossible to communicate easily with specific machines on your own network and your neatly organized network becomes one big cluster****. IT nightmare.

    -Too-complex numbering system
    IPv4 has human-memorizable addresses. IPv6, stupidly, does not. 12 numbers were enough to memorize (especially since the first few were usually common). But 128 numbers and letters is just too much. Even if the first 78 are zeros, that's still a large address to chew on.

    64 bits is enough. Even 48 will be fine for the forseeable future (just look at MAC addresses). Just double the size of the address (or make it so that the current IPv4 naming convention is followed but double the size of the registrar- so the highest you'd get is 511.511.511.511. Or something like that).

    -Privacy
    Know why China's been a forefront adopter of IPv6? Because here's the secret: all IPv6 addresses are tied to the computer's MAC address. Which, as you know, is unique.

    So now, a malefactor would be easily able to pick out what machines do which things. So if you want to track down someone questioning human rights in your country, you can "van" people with greater efficiency than before.

    SOPA/E-Parasite would just be the beginning if this were to gain widespread adoption. Why? Because you can't tie an IP address to a person but you CAN tie a device to a person.


    With these concerns in mind, can't we just build a better protocol? One that guarantees the ease of use and openness that the Internet today currently enjoys?
  • 2 Hide
    amk-aka-Phantom , November 22, 2011 3:44 AM
    I'm totally NOT looking forward to this... the addresses are SUCH a pain in the a$$ to remember as compared to IPv4!
  • 4 Hide
    Ragnar-Kon , November 22, 2011 4:40 AM
    I've had my IP address, as well as other IP addresses memorized for years now. Sadly, I'm pretty sure I know more IP addresses than phone numbers.

    I need a new challenge. Bring on the IPv6!
  • 0 Hide
    Ragnar-Kon , November 22, 2011 4:46 AM
    Ragnar-KonI've had my IP address, as well as other IP addresses memorized for years now. Sadly, I'm pretty sure I know more IP addresses than phone numbers.I need a new challenge. Bring on the IPv6!

    Having said that, the systems admin side of me sees many future problems that I am not looking forward to solving. Might as well set up a bed in my server room when the switch-over happens.
  • 4 Hide
    Thunderfox , November 22, 2011 5:50 AM
    Someone will develop a way to hide an IPv6 LAN behind a single address, both for security and privacy reasons. Whether such things become commercial products depends on whether the average person ever understands enough about the problems the new protocol presents.

    Also, Go-Daddy is a stupid as hell name for a registrar. I cannot take them seriously as a technology company with that name and their dumb logo, and Danica Patrick slutting it up for no good reason in all their lame as hell ads.
  • 0 Hide
    tanjo , November 22, 2011 6:26 AM
    @LuckyDucky7: The 255 limit on is based on a byte or "FF" in hexadecimal.
    1 hex = 1 byte = 8 bits so 64 bits(IPv4) = 8 bytes = 4 pairs of hex. 128 bits(IPv6) = 16 bytes = 8 pairs of hex.
    Just double the length if an IPv4 address and you'll get IPv6 which is composed of 8 pairs of hexadecimals separated by colons instead of a dot. It's really just like MAC address only for IPs.
    The possible number of combinations said above is just the equivalent of hexadecimal FFFFFFFF (+1 for all zeros address).
  • 7 Hide
    chad1011 , November 22, 2011 6:35 AM
    @LuckyDucky7: Most of what you stated is incorrect.

    Can't assign address - A company or individual can still assign addresses statically or by DHCPv6. This how you can have cute addresses like Facebook: 2620:0:1cfe:face:b00c::3. You can even use autoconfiguration to get a random address in your network block automatically by enabling privacy extension to your device. As for your network turning into a jumbled mess of address, you can still subdivide your address block anyway you see fit. This way you can have your servers on one network, clients on another, monitoring on another, etc...

    128bits is too much - They went with 128 so as not to repeat what they did with IPv4. As you said, the network part of the address stays the same so all you have to remember is the host part. Make it easy xxxx:xxxx:xxxx::1, ::2, ::3, ::4. If your network is too large to remember all those addresses, use a local DNS server. Just doubling the size of the address space will not fix the problem. You still break the current IPv4 implantation and address use is growing exponentially. That mean that twice as many addresses will last half as long and we have to revisit this problem again in the near future.

    Privacy - do you realize how big a normal address block (a /64) that is assigned to a user is? Please try and find my HTPC and laptops in my /64: 2001:470:36:34c::/64. Have fun portscanning 18,446,744,073,709,551,616 addresses. It would take you 5.84554531 × 10^6 centuries if you scanned 1,000 addresses a second. I am pretty sure my router would ban your ip after the first second or two. Use more computers and it just becomes a DDOS attack. It is not like hiding a needle in a haystack but hiding a needle in the middle of the ocean.

    No NAT - To me this is a good thing. The Internet was designed to allow any node to directly connect to any other node on the Internet. The lack of IPv4 address necessitated a kludge know as NAT in order to allow for expansion till a new system could be found.

    Security - EVERY computer should have a firewall. Even on an IPv4 network. Nothing changes except that the target is a little harder to find in an IPv6 address space.

    Wikipedia has a great piece on IPv6 at http://en.wikipedia.org/wiki/IPv6. Think many of your concerns would be put to rest if you read it.
  • 0 Hide
    chad1011 , November 22, 2011 6:46 AM
    @tanjo: IPv4 is 32 bit not 64 bit. 255.255.255.255 is equal to FFFF:FFFF (FF FF : FF FF). An IPv6 address is FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF or 255.255.255.255.255.255.255.255.255.255.255.255.255.255.255.255 if written in decimal like IPv4. Think of it this way. IPv4 is 32 1s and 0s and IPv6 is 128 1s and 0s per address.
  • 1 Hide
    tanjo , November 22, 2011 7:20 AM
    ^^ Oh right, sorry I'm wrong :p . I got my hex numbers wrong. 1byte = two hexes * 16 = 32 hexes (8 * 2 pair groups) and 32 bits = 4 bytes = 8 hexes (4 pairs).

    On a side note, there'll be no shortage in IPs. We can all have static IPs and assign them to hostnames so no need to remember long numbers.

    On the privacy part, maybe use NAT64 and use IPv4 locally :D 
  • 5 Hide
    palladin9479 , November 22, 2011 7:22 AM
    Chad,

    It's reasoning like yours that caused IPv6 to be extremely slow to be adopted.

    Quote:
    Privacy - do you realize how big a normal address block (a /64) that is assigned to a user is? Please try and find my HTPC and laptops in my /64: 2001:470:36:34c::/64. Have fun portscanning 18,446,744,073,709,551,616 addresses. It would take you 5.84554531 × 10^6 centuries if you scanned 1,000 addresses a second. I am pretty sure my router would ban your ip after the first second or two. Use more computers and it just becomes a DDOS attack. It is not like hiding a needle in a haystack but hiding a needle in the middle of the ocean.


    No NAT - To me this is a good thing. The Internet was designed to allow any node to directly connect to any other node on the Internet. The lack of IPv4 address necessitated a kludge know as NAT in order to allow for expansion till a new system could be found.


    Security - EVERY computer should have a firewall. Even on an IPv4 network. Nothing changes except that the target is a little harder to find in an IPv6 address space.


    Absolutely no need to scan your IP range, just wait for your client to send a packet and I already have your IPv6 address. You do enough communication that obtaining this address is trivial if I was a nefarious bad guy and setup a honeypot. Plus it's not the bad guys who will be counting your hosts, its your ISP hoping to tap a new "revenue source". Current IPv4 NAT mechanism makes it impossible for your ISP to know how many PCs, consoles and phones your using.

    No NAT - VERY VERY BAD IDEA. NAT wasn't created by an industry task force or engineering group, it was originally created as a layer 3 network proxy by a guy in a basement. He wanted to connect multiple systems to the internet through a single phone line. The technique passed on from person to person until it morphed into the Network Address Port Translation that we use now. It become a standard not because it was desired, not because some industrial group wanted it to. The very purpose of NAT is to hide a private network from a non-private network, the extra IP address's was a bonus. There still is a requirement as is obvious by the sheer number of people asking for it.

    FW, every computer does have a FW, but home users are not security experts. Not only that, but IPv6 devices are in a exclusive deny mode "allow all unless exclusively denied" by default. This provides nearly no protection at all, every user is at the mercy of whatever internet bad guy happens to know their IP address. IPv4 NAT provided a security layer through two methods, first being obscuring the local infrastructure, second being restricting the target silhouette. The attack has to penetrate a hardened linux / unix FW device with minimal services running that isn't accepting any unknown packets (client must initiate connection). This is vs the attacker penetrating a Windows OS from an OEM, who ships it with services turned on that shouldn't be, that is accepting connections from anywhere in the world.

    Wishful thinking does not solve what is a very real security threat to consumers. Enterprise entities can easily afford a SPI firewall and the security personal to configure and maintain it, home users not so much.
  • 4 Hide
    palladin9479 , November 22, 2011 7:27 AM
    Ok forums are broke, posting in the forums area does not have the post appear here. It ate three of mine that way.

    To my above post, China use's IPv6 to track their citizens and register every device in a government registry. They then profile their citizens internet usages and use that to discern people who are likely to be problems.

    And amazingly enough .... someone already has created NAPT66.

    http://code.google.com/p/napt66/

    Linux kernel module with source code. Use's the netfilter framework and works like a charm.

    You can't engineer away a valid customer need.
  • 5 Hide
    palladin9479 , November 22, 2011 7:30 AM
    Ohh and your MAC is used for the random IP configuration. It's how it prevents two hosts from obtaining the same IP, your MAC will always be part of your world wide unique address.
  • 0 Hide
    aaron88_7 , November 22, 2011 7:36 AM
    ^^Almost all modern home routers have stateful packet inspection (SPI) incorporated. Check the documentation for your home router, it almost certainly does have this feature. Enterprise firewalls usually have additional features home users don't need and are made of far better quality, which is why they are expensive. As far as the firewall side of things they basically work the same, one just can handle a lot more traffic than the other.
  • 1 Hide
    palladin9479 , November 22, 2011 7:54 AM
    @aaron88_7 ,

    Not really, they have a very cheap / dirty method. All they do is compare it to a known list of attack patterns, if something hits positive they dump the packet. This list is rather small and only protects you from yesterday's attack.

    I know this, I've built my own home FW device and the attack database off snort is much larger then the available FW space in a typical home router. Most home routers aren't even running snort, just a very simple packet inspector.

    Enterprise grade FW's also do pattern and trend analysis to determine if an attack is underway that might not be in the heuristics database. Consumer FW's can't do this.
  • -2 Hide
    hetneo , November 22, 2011 8:40 AM
    LuckyDucky7One question: Why are we promoting such a flawed system?There's a couple reasons why people haven't adopted IPv6 and why we should really just be pushing for a better standard. The people who made IPv6 have refused time and time again to change the protocol- which is flawed for the following reasons: -No NAT and different networkingConsider every computer having a unique IP address. With the advent of IPv6, this is now possible.Now, let's think about the implications for security here. Sure, there aren't any NAT concerns to worry about, but the computers in any area are at the mercy not of a company's numbering system but of a system outside of their control. You can't "wall off" a section of IP addresses like you could in IPv4- for private use this was great, as you could guarantee that any computer inside your network would get a uniform address. But IPv6 changes that.And what if you want to bring a device into the network with a different hardware set? Its IP address will be completely different than the ones your network uses itself.Now that that's gone, it's impossible to communicate easily with specific machines on your own network and your neatly organized network becomes one big cluster****. IT nightmare.-Too-complex numbering systemIPv4 has human-memorizable addresses. IPv6, stupidly, does not. 12 numbers were enough to memorize (especially since the first few were usually common). But 128 numbers and letters is just too much. Even if the first 78 are zeros, that's still a large address to chew on.64 bits is enough. Even 48 will be fine for the forseeable future (just look at MAC addresses). Just double the size of the address (or make it so that the current IPv4 naming convention is followed but double the size of the registrar- so the highest you'd get is 511.511.511.511. Or something like that).-PrivacyKnow why China's been a forefront adopter of IPv6? Because here's the secret: all IPv6 addresses are tied to the computer's MAC address. Which, as you know, is unique.So now, a malefactor would be easily able to pick out what machines do which things. So if you want to track down someone questioning human rights in your country, you can "van" people with greater efficiency than before.SOPA/E-Parasite would just be the beginning if this were to gain widespread adoption. Why? Because you can't tie an IP address to a person but you CAN tie a device to a person.With these concerns in mind, can't we just build a better protocol? One that guarantees the ease of use and openness that the Internet today currently enjoys?

    Private IP segments are not really private, but virtual. And you can't tie device ti person, not legally anyway.
  • 0 Hide
    ojas , November 22, 2011 3:36 PM
    Getting hard to know who knows what in the comments section, guess i'll have to read up on it myself...

    However i do know from a book (Computer Networks, Andrew S. Tanenbaum) that NAT was against the openness of the internet and made it easier for ISPs to control and organize their networks. It also lowered the redundancy of the Internet, since now there were these few main nodes, which, if taken out, would cut of lower hierarchical branches.

    Having said that, i agree that it makes sense on the security front.
  • -2 Hide
    Anonymous , November 22, 2011 4:15 PM
    I don't think IPv6 was ever intended to solve China's civil rights problems, improve home user's security holes or facilitate covert use of home internet connections. I think you're putting too much expectation on IPv6 to solve problems that are not within it's mission statement.
  • 1 Hide
    gm0n3y , November 22, 2011 4:23 PM
    NAT is a very important part of the internet. Among other things, from a basic consumer standpoint, it allows us to use multiple machine on a single connection transparently. Without NAT your ISP could (and would) charge you for each device, not to mention charging different rates for different types of devices.

    From my limit knowledge of IPv6 (and a few college courses in network maintenance/security) I don't see how it could stop NATs from being used.
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter