As someone watching from the sidelines, I had no idea there were such major issues with IPv6. It seems like IPv6 has been out there for a long time (about 10 years) in terms of being supported by OSes and networking hardware, if not ISPs. So I would have thought that cutting-edge institutions (like MIT) would already have years of experience with it and have worked out most of the kinks by now.
If this is not the case, what does it mean for more widespread IPv6 adoption? If such adoption is significantly delayed or stalled, what will the consequences be, both for current Internet growth in the face of IPv4 address depletion and for new technologies like IoT?
I haven't been on the front lines of new protocol deployment for a long time now, but the pattern then (and it appears unchanged) was that larger deployments brought out 2nd- and 3rd-order issues with the protocol. The old joke was "How can you tell someone is a pioneer?" Answer: "Count the number of arrows in their back," which expressed that folks who adopted new protocols bore much of the burden of their failure and revision. Sounds like CSAIL has made some great progress in this respect.
There are already quite large enterprise and service provider networks using IPv6. It's more in between the "pioneers did not document the thorns they hit, so the others would not" and "the future is not evenly distributed yet, so we don't know about it" territory.
I've volunteered myself to understand which of the two and to do whatever is actionable.
IPv6 has been sold as "just like IPv4, but bigger" but it's not. It's much more than that, leading to the schism between the "adopt or die" and "not on my watch" people.
That depends which part of the stack you're working on.
If you're writing web apps that receive a REMOTE_ADDR field, then the protocols look very similar; you just need to parse and store bigger values, and perhaps account for the fact that users tend to control a prefix instead of a single address.
At the BGP and packet forwarding layers, everything's the same, with bigger numbers.
The linked article relates to IPv6 over Ethernet, which is the area where IPv6 added the most new features and quirks.
Sure. The people who got "128-bit IPv4" aren't the ones complaining. The network admins who deal with all the rest of IPv6 are the ones who don't like the imposition.
> what does it mean for more widespread IPv6 adoption?
If I were a security hacker (whatever shade), I'd be spending all of my time looking at IPv6, from device drivers through kernels and routers up to user-level programs.
IPv6 is simply not hardened in the way IPv4 is. It will be some day, but it's going to have to earn it the hard way, same as IPv4 did.
Indeed, IPv6 is a possible entry point for pen testers, as plenty of admins will leave IPv6 enabled, but not bother to set up ip6tables. Plenty of software is set up to bind on "all interfaces", which includes your link-local address. Fortunately, it takes some effort to scan the link-local address space. But if they are based on MAC, and you can just ask for the MAC of the host via ARP...
Yup. iptables should really have a "figure out how to mirror this" mode, since 99% of iptables rules can be translated to ip6tables rules by sprinkling 6s around, and almost everyone screws it up initially.
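An added example, not part of the thread: a parity check for the gap the comments above describe. It reads `iptables-save` and `ip6tables-save` output and reports where the IPv6 filter table has a different default policy or lacks a rule the IPv4 table has. The two dumps are constructed samples and the function names are this example's own.

```python
import shlex

# Options whose argument is an IPv4 literal and must be rewritten by hand for IPv6.
ADDR_OPTS = {"-s", "--source", "-d", "--destination"}

def parse_filter(save_text):
    """Return (policies, rules) for the *filter table of an iptables-save dump."""
    policies, rules, in_filter = {}, [], False
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif in_filter and line.startswith("-A "):
            rules.append(tuple(shlex.split(line)))
    return policies, rules

def needs_translation(rule):
    """True if the rule names addresses or ICMP, so it cannot be copied as-is."""
    return any(t in ADDR_OPTS or t.startswith("icmp") for t in rule)

def audit(v4_save, v6_save):
    """List (kind, detail) findings to review in the IPv6 filter table."""
    pol4, rules4 = parse_filter(v4_save)
    pol6, rules6 = parse_filter(v6_save)
    findings = []
    for chain, policy in pol4.items():
        if pol6.get(chain) != policy:
            findings.append(("policy", f"{chain}: v4={policy} v6={pol6.get(chain)}"))
    for rule in rules4:
        if needs_translation(rule):      # needs a manual IPv6 equivalent
            findings.append(("translate", " ".join(rule)))
        elif rule not in rules6:         # family-agnostic rule absent from IPv6
            findings.append(("missing", " ".join(rule)))
    return findings

# Constructed sample dumps: IPv4 is locked down, IPv6 was left at its defaults.
V4_SAVE = """*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 5432 -j ACCEPT\nCOMMIT"""
V6_SAVE = """*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT\nCOMMIT"""

if __name__ == "__main__":
    for kind, detail in audit(V4_SAVE, V6_SAVE):
        print(f"{kind:9} {detail}")
```

A "translate" finding is raised for every IPv4 rule that names addresses or ICMP, whether or not an IPv6 counterpart already exists, so those lines are a review list, not a confirmed gap.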
I've got a bit of a headache right now, but IIRC the second remotely exploitable OpenBSD bug was because they had IPv6 enabled by default. There are a lot of grues lurking in there.
The parent wasn't just implying it being enabled, but also likely buggy in the implementation as well. E.g., maybe an overflow with the next header implementation.
Almost all large organizations decided to delay adopting IPv6 until the last possible moment because this reduces various costs. But this meant that many deployment problems were not discovered until very late.