[ipv6hackers] my IPv6 insecurity slides

Fabian Wenk fabian at wenks.ch
Tue Nov 29 18:02:48 CET 2011

Hello Cameron

On 28.11.2011 20:49, Cameron Byrne wrote:
>>  The migration to IPv6 was probably started to late. It is basically
>>  killed by Web2.0 (the second "new internet") and the smartphones.
> trying to resist the need to send email....giving up...
> I would say the Smartphones on IPv6 are one of the reasons to go to IPv6.

I do not know how the mobile phone data network do work in other 
countries, but in Switzerland at least the major telco (Swisscom) 
is running the whole mobile data network since ever behind NAT 
gateways with only IPv4 available.

> It is not servers (content) running out of IPv4 addresses that is the
> issue.  It is that the network edge of eyeballs that is growing
> fast... More people are coming online and more people have 2,3,4
> devices that need IP addresses.

They use NAT already, as for the most customers, the ISPs only 
assigns 1 IPv4 address to their connection. And NAT also protects 
the devices somehow from the outside Internet, which the 
customers also does appreciate.

> People will not go to IPv6 to access new and better content.
> People (eyeballs) will be given IPv6 addresses because IPv4 has
> (already) run out.

Or the ISPs start to use NAT also on their network and putting 
several customers behind one NAT gateway (like they already do 
with mobile internet). Sure when ISPs start using NAT at large on 
home internet connections, this will cause other problems, eg. 
when a content provider or web server blocks or limits access 
based on IP addresses in the case of overuse / abuse.

> Content folks will want to provide parity to IPv4, IPv6, and
> dual-stack eyeballs, so that is why content will go to IPv6.

Sure, content need to go dual-stacked first.

> User go to IPv6 because they have no choice (addresses run out, many
> people, many devices)

But only when they get it from their ISP and everything still can 
be reached. If they only get IPv6 and no IPv4 today, they will 
probably complain to their ISP because they are not able to reach 
some major websites which currently only run on IPv4.

> Content go to IPv6 to reach the users.

It will be needed.

Do not understand me wrong, I personally prefer to move forward 
with IPv6. My own private systems are running dual stacked since 
ages, but even there I still have services and systems / devices 
which do not (fully) support IPv6 (yet).
Currently there is nothing out there, which gives enough pressure 
to content providers or / and ISPs to move forward with IPv6. At 
the current point it just costs money and effort without any real 
benefit (without looking at Asia). And as pointed out above, to 
give internet access to home customers NAT at large could be 
used, as it is already in operation on the mobile phone data 
network. I hope that this will not happen (as it will also cause 
problems) and the ISPs will move forward with IPv6 on their end 
user connections.

Somehow it is like the chicken and egg question.


More information about the Ipv6hackers mailing list