Google tries to break IPv6 logjam by own example
SAN FRANCISCO--Although it's been hard for companies to financially justify the expense of embracing the next-generation standard for wiring together the Internet, the incentives are now arriving--and Google itself stands to benefit from the resulting democratization of networking.
Google thinks the time is ripe to begin adopting Internet Protocol version 6. The search giant, which handles gargantuan amounts of traffic, has gradually been making more of its Web properties available over IPv6, which despite being defined for more than a decade still is rare compared to the current IPv4.
The company has been gradually making its properties available over the new standard, starting with an IPv6 access to its search engine in March 2008. The range of other Google properties similarly available expanded to include Google Maps last week, said Lorenzo Colitti, a Google network engineer who spoke Wednesday at an Internet Society panel discussion at an Internet Engineering Task Force meeting here.
Lorenzo Colitti, a Google IPv6 network engineer (Credit: Stephen Shankland/CNET)
The big advantage IPv6 has over IPv4 is the number of unique addresses it can accommodate--4.3 billion for IPv4 compared to about 34,000,000,000,000,000,000,000,000,000,000,000 for IPv6. Although 4.3 billion may sound like a lot, addresses are often allocated in large blocks that mean many aren't generally available, and expert estimates forecast an end to new IPv4 addresses in 2011.
To sidestep the limitations, engineers have come up with patches such as network address translation (NAT) and dynamic IP addresses. But the way Colitti sees things, those fixes reinforce the status quo on the Net: a relatively large number of clients such as PCs or set-top boxes connecting to a relatively small number of servers with the privilege of their own IPv4 addresses. Clients generally retrieve the data from servers but rarely host it on their own.
"This is what the Internet does, but it could do so much more," he said. Moving to IPv6 lifts the limits on what can be done in the future: "We don't know what those applications are going to be. They didn't know in the 1980s that the Web was going to come along."
Competitive advantage for Google?
The future Google wants to enable through IPv6 is a decentralized, less hierarchical one in which any device can reach any other device on the network without relying on server intermediaries.
That may sound odd for Google, one of the biggest powers on the Internet. But remember that Google's core business strength--search--is based on its skill in making some sense out of the chaos of information available on the Internet. A future in which the clout of central gatekeepers is reduced is one in which Google has a competitive advantage.
After all, the company has hundreds of thousands of servers dedicated to the tasks of crawling the Internet for new data and assessing what's most important. To make that assessment, it invests heavily not on objectively evaluating what's on the Internet, but rather on figuring out how to interpret the available signals that everybody on the Internet supplies on their own. And it has a directly related advertising business that funds further work.
For a technical taste of how Google sees the world, peruse The Unreasonable Effectiveness of Data, published recently by the Institute of Electrical and Electronics Engineers and written by Google researchers Alon Halevy, Peter Norvig, and Fernando Pereira.
Yahoo likes Semantic Web technology, in which content is labeled with tags that help computers better understand its meaning, but Google's technology is designed to comprehend a broader, less structured Net, the researchers say.
"The first lesson of Web-scale learning is to use available large-scale data rather than hoping for annotated data that isn't available," the Google researchers said.
The number of IPv4 Internet addresses still unused is steadily dropping toward zero, according to Comcast. The gray diamond is today's level.
(Credit: Comcast)
Carrot and sticks for IPv6
So why move to IPv6? Colitti offered some incentives and warnings. On the carrot side, he said IPv6 opens the door to new technology impossible with IPv4 and can ease network administration headaches--and you can bet that Google, with hundreds of thousands of servers at a minimum, has plenty of those. On the stick side, he said, building large-scale NAT into networks is expensive and limiting.
"Those devices will be very expensive...and if you do NAT, it's a support nightmare. It's very hard to maintain," he said. Though adding IPv6 support might not have enticed companies with big profits thus far, the full financial equation is more complicated. "Is the avoidance of future costs an economic incentive?"
But in the big picture, Google's support of IPv6 appears to be less a shorter-term concern about administrative headaches and more a desire to see a vibrant, active, open, and adaptable future Internet.
Google's IPv6 support is similar in broad terms to its efforts to build for the open-source Android mobile phone operating system, Chrome Web browser, and new, pervasive wireless Internet access technology. Google executives have justified such work not as a way to directly make money but rather as a way to spur faster development in areas of the Internet where it thinks progress needs to move faster.
"At Google, we believe that IPv6 is essential to the continued health and openness of the Internet--and that by allowing all devices on a network to talk to each other directly, IPv6 will enable innovation and allow the Internet's continued growth," the company says on the Google IPv6 page.
Google isn't alone in IPv6 advocacy. Russ Housley, the current chairman of the Internet Engineering Task Force, envisions every home equipped with Internet-connected gas meters, thermostats, and other such devices.
"If you have every home equipped, the number of Internet address exceeds the space that is available in IPv4. You just can't do that," Housley said.
Difficult transition
So if IPv6 is so great, why aren't we all using it? Because it's a difficult transition that requires a lot of work across the entire technology industry--not just at Internet sites, but also in operating systems, server software, management tools, set-top boxes, network equipment, and agencies that dole out network addresses.
Networking giant Cisco Systems even has found that typing IPv6 addresses is an issue. The elements of an IPv6 address are separated with a colon, a change from the period that IPv4 uses.
Worse, IPv6 investments aren't rewarded immediately because IPv6 isn't backward-compatible with IPv4. That has walled IPv6 off into a separate domain that couldn't communicate with the mainstream IPv4 Internet, though some work is under way to better bridge the two.
"What is slowing down adoption is that if I want this (one company's IPv6 work) to be useful, I depend on everybody else in the universe to do the same thing," said Alain Durand, director of IPv6 architecture and internet governance at Comcast, during the discussion. However, he did point to some work under way that would make even small corners of IPv6 useful as opposed to an expense with no return.
Google, though, is trying to show that IPv6 is attainable. As well as Google search and Google Maps, the company offers Alerts, Calendar, Docs, Finance, Gmail, Health, iGoogle, News, Notebook, Reader, and Sites over IPv6.
Google also is organizing IPv6 conferences of its own, with its most recent IPv6 conference last week that drew participation from Microsoft, Yahoo, Cisco, Comcast, and the Beijing Internet Institute; China is a big fan of IPv6. It's also urging governments as well as companies to adopt IPv6.
Not rocket science
Colitti said IPv6 isn't rocket science and suggested people begin IPv6 pilot projects. They should be production-ready, but don't need to be built to handle the same scale of traffic as the main IPv4 network. Google's own IPv6 work began as a project done in 20 percent time--the time Google engineers get to pursue their own interests.
Administrators whose sites already have IPv6 users should brace themselves for spikes in traffic growth as they bring new services online, though. After the Google Maps IPv6 move, Google's outgoing network traffic over IPv6 tripled overnight, Colitti said. Currently Google has about 150,000 people using the site through IPv6.
Even though the overall IPv6 transition is showing the typically human ignore-it-until-it's-a-crisis behavior, the context for evaluating IPv6 is changing as the IPv4 growth era comes to a close.
"We're right now two to three years away from depleting IPv4 altogether," Richard Jimmerson, chief information officer of the American Registry for Internet Numbers, said at the panel discussion. Late in the last decade and early in this one, some predicted that the IPv4 address depletion is what would cause the move to IPv6, he said. "Those folks who made those predictions are partially correct."
Stephen Shankland writes about a wide range of technology and products, but has a particular focus on browsers and digital photography. He joined CNET News in 1998 and since then also has covered Google, Yahoo, servers, supercomputing, Linux and open-source software, and science. E-mail Stephen, or follow him on Twitter at http://www.twitter.com/stshank. 





The primary reason is security. NAT guarantees that internal addresses can't be routed outside segment boundaries, even in the face of misconfigurations, firewall holes, etc. Even with superior security capabilities built into IPv6, security professionals will insist on using NAT.
Google has a bazillion servers which need to be Internet routable, so it makes sense for those servers to be "directly" (loosely speaking) connected to the IPv6 internet. Load balancers, etc., can work much more efficiently without NAT. But that's Google. For most enterprises, the number of internal servers / workstations will always be vastly greater than the number of servers on their DMZs or extranets, so they'll want to NAT.
Also I would say for most enterprises, the marginal cost of NAT is negligible. It's standard operating procedure for most network designs today.
It's also likely during a transition period, enterprises will adopt IPv6 only at the border, but continue to use IPv4 internally. That means not only NAT but protocol translation. We're seeing some of this already.
What's going to drive adoption to IPv6 is mobile devices (phones, netbooks, etc.) In the near future we'll commonly see everything from cars to watches to airplanes to refrigerators connected to the 'net... a scenario not possible with IPv4 addressing.
Maybe Google thinks that if we begin making IPv6 ubiquitous, it will so clog up the pipes and slow commerce to the point where governments will be forced to pump money into bandwidth expansion.
Also, contrary to the article, switching to v6 will not eliminate gatekeepers as it doesn't matter what my underlying protocol is, I will still use firewalls and edge routers, NAT, PAT and any other security mechanism in my toolkit.
Applications are layer 7 of the OSI model... IP addressing is layer 3.
Yes, they need to be aware of the addressing scheme (esp. things that use their own protocol like bittorrent, which alone works layers 7-4), but not a huge problem. XP SP2 and up, Mac OSX 10.4 (don't quote me) and I believe Linux kernel 2.4 (or 2.6?) support IPv6 so that's half the battle really.
I'm not wrong and the layers don't matter here. I can't count the number of apps (at home and work), I have had to deal with over the years that require very specific networking configs and break if things stray.
Many application developers use IP addresses directly for a variety of reasons (many inappropriate) and when you throw the switch to IPv6, it isn't going to be pretty if every layer between 3 and 7 isn't dealt with.
I agree that it is good that the mainstream OSes are finally onboard, but stop for a moment and think about what a small percentage of the problem that is today.
That takes a while, from a day to a month.
Has anyone heard of the term defense in depth? Hello? If you are a major corp you do not trust individual machines. Even if you can control the configuration of most domain joined Windows boxes, there are always those laptops that are not domain joined on the network. Would you trust your corporate data to the receptionist's home laptop directly connected to the net?
No one said anything about Windows specifically. Stop being a fanboy.
I can leave my vista box up for days without a firewall without it being compromised.
ANY OS is capable of being hacked into easily.
Mac's firewall is actually built in so it has one too.
Listen, I'm sure the Ciscos of the world would LOOOOOVE to see companies shell out the cash to go IPv6. But I'm not sure (unless companies begin seeing a value to doing it) anyone's going to be willing to pony up.
I hope the vast scalability of IPv6 helps escalate the adoption of the Semantic Web and Linked Data (near and dear to my heart).
Check out these sites:
http://www.sixxs.net/main/
http://www.ipv6.org/
Dude! I am the walrus
I can get the whole "640k ought to be enough for anyone" mentality of IPv4's limitations, sure, but I don't get the whole "new cars don't fit on old roads" mentality of the IPv6 creators. That seems to speak to a lack of creativity or a lack of common sense.
Also, wouldn't NAT at the ISP level solve some of these issues? They all speak IPv6 and then dole out IPv4 to us. Same way that everyone in my neighborhood has who knows how many machines connected to 192.168.0.x for their wireless routers but to the ISP we all look like a single IP address.
Disclaimer: I have absolutely no idea what I'm talking about. If you agree, please don't call me dumb, but instead respond with more details to help educate me.
IPv6 is not backwards compatible with IPv4 because.... well that is a subject of a big debate. Some believe not making IPv6 compatible was a massive blunder. Others (including me) believe that a clean redesign is much preferable to a compromise protocol handicapped by IPv4's inherent weaknesses, especially considering we'll have to live with this new protocol possibly for decades to come.
At the ISP level, yes NAT (or more correctly Protocol Translation) will help temporarily, but that means devices using that ISP can't take advantage of IPv6 features (better support for mobile devices, integrated security, better autoconfiguration, etc.) So you have to build tunneling infrastructure to carry IPv6 traffic over the IPv4 NAT network then convert back to IPv6 at the border router, which is really inefficient. What you want is a true IPv6 network without the need for protocol translations.
While DVD was a major transition from VHS, the TVs they played on didn't change.
While Digital TV is a major transition from analog, there are ways to make the current TVs play without too much work.
But now we're talking about changing the air we breathe or the way we walk. (I'm not trying to be overly dramatic so much as to say that this is something we really, as average consumers, don't think about. Either the tubes are pumping out interwebs and lolcatz or we call Comcast and they walk you through a script that makes you feel stupid or educated, depending on how much you know about the internet to begin with.)
I am on the side of "massive blunder" - it's like electing a mayor whose only previous experience is playing SimCity and whose solution to massive problems is the "Erase City? (Y/N)" prompt.
True creativity, true problem solving happens not on a blank sheet of paper, but in how you deal with what's already on the paper. Suggests that IPv6 was grown in a lab without serious thought given to the real world implementation implications.
2nd: a functioning IPv6 network deployment essentially requires the use of DHCP so you won't have to worry about typing the address in anywhere (with some exceptions). When you do need to type it in there will be many shortcuts you can use to make it easier. The allure of IPv6 is that it is, for all intents and purposes, going to be self configuring to the end user.
3rd: IPv6 has been used in the real world for almost 10 years now. It's had a limited roll out but it is in use and supported at a relatively large number of places (universities for the most part). We've got a pretty good handle on how it works and we can provide as much if not more stability with IPv6 than we can with IPv4.
4th: 'Compatibility' can be maintained through dual stacking (which is generally transparent to the end user) or other techniques to prevent the segregation created by the two different network spaces. Could it have been made backwards compatible? Sure, but it would have sucked. Trust me on that. If you don't trust me go look at the structure of the IPv4 packet header. Every advance and change would have had to fit *in* that structure. You have 32 bits to handle all the future address space need. How are you going to make that happen and retain compatibility?
5th: Of course it was developed in a lab. Where do you think the internet came from in the first place? It's not like you drill for it.
I actually congratulate them for doing the harder but more sound way and a longer term solution.
Do companies like Merck, Chrysler, Ford, Eli Lilly, etc, really have a need for over 16 million IPv4 addresses each? All of these have dedicated /8 ranges.
The US Postal Service even owns an entire /8! Are you kidding me?
Perhaps the cost of moving to IPv6, massive indeed, could be subsidized by these organizations that have been so irresponsible with their IPv4 addresses?
Plus back in the day it was either a class A (16m addresses), class B (65,000 addresses) or class C (254 addresses). I'm sure they figured they had more than 65,000 cities/towns/etc in the US, so they had no other choice.
The local machine can tunnel IPv6 traffic into IPv4 packets, and send it through the tunnel.
I tried to set that up just yesterday on my Linux box, with AT&T DSL, but AT&T apparently doesn't even have the tunnel endpoint functional.
- by cameronwall March 29, 2009 4:13 PM PDT
- How about IPv6 over MPLS surely that would solve any security concerns?