Twenty Myths and Truths About IPv6
and the US IPv6 Transition (Such As It Is)
After hearing over 350 presentations on IPv6 from IPv6-related events
in the US (seven of them), China, Spain, Japan, and Australia, and having
had over 3,000 discussions about IPv6 with over a thousand well-informed
people in the IPv6 community, I have come to the conclusion that all parties,
particularly the press, have done a terrible job of informing people about
the bigger picture of IPv6, over the last decade, and that we need to
achieve a new consensus that doesn't include so much common wisdom that
is simply mythical. There are many others in a position to do this exercise
better than I can, and I invite them to make a better list than mine,
1. Myth: There is no need for IPv6.
Truth: There are more needs for IPv6 than almost any one person can imagine,
as was true of all major information technology advances, because the
true potential of IPv6 will be realized by billions of people, places
and things being connected - which will change many societies, and will
be used for decades.
It is true that there is no need for IPv6 in the U.S. based on an IPv4
address shortage, and the obsessive, almost maniacal, focus on this in
what little the press says about IPv6 has led to a very sterile discussion
that rarely seems to go on to new, more vital topics. Of the 4.3 billion
possible IPv4 addresses, between 30 and 70%, depending on whom you speak
with, are still available, and there are over 1 billion stockpiled by
government agencies and companies that have indicated they would be moving
to IPv6, and therefore don't actually need those addresses, and could
theoretically sell, trade, or donate them.
2. Myth: IPv4 works well enough. Everything that can be done in
v6 can be done with v4.
Truth: IPv4 lacks authentication and Quality of Service, as well as the
Flow label. The curious who spend a few days with a hacker, or read about
what Google is coming up with, can see that they can steal products, services,
movies, music, and even identities with the existing Internet. They can
anonymously solicit children to have sex, disrupt corporate businesses,
and waste the time of 100 million people by sending spam that they pretend
is from another person's website. I'm sorry, but if you think IPv4 does
everything it needs to, it may be because your expectations are too low.
While some claim that IPv6 has no security advantages over IPv4, they
are usually referring to special or hybrid networks, which use encryption,
encapsulation, or tunneling to kluge the two together. This is as unfair
a comparison as an older one that put IPv3 together with IPv4 and tested
that combination, and then said there was no advantage to IPv4. For a
true test by the U.S. federal government of v6 advantages we need more
IPv6-native applications, and we need to include in the comparison with
v4 the potential for Network Address Translation (NAT)-enabled IPv4 networks
with internal adversaries (because NATs don't adequately protect the addresses
3. Myth: The market will take care of IPv6, if IPv6 is useful.
Truth: No company can set the standards for the entire world -- even if
it wanted to --which is what is necessary to build a new Internet. The
net present value of the entire world is over $360 trillion dollars, while
the greatest corporate market cap in history was about $600 billion. The
Gross Global Product is about $40 trillion (with variation due to currency
fluctuations), but the largest companies do only about $250 billion, and
they are subject to thousands of rules, laws, regulations, lawyers, and
potential lawsuits. The U.S. government, with a $2.6 trillion annual budget,
is the only entity with sufficient gravity to serve as a unifying force
for a global infrastructure that will touch over 200 countries, thousands
of industries, and a world with 100 million companies.
4. Myth: No, really, the market will take care of IPv6! The Dept. of
Commerce says so!
Truth: The Dept. of Commerce study allowed companies to make their case.
Companies like Cisco, Juniper, Lockheed Martin and a few telcos and ISPs
said, "We can handle IPv6 ourselves." Well, yes, they can implement it
in their own networks and put it into their products. However, they can't
make sure that the IPSec or authentication or QoS conventions that are
used by the DoD or police or sheriffs or EMT are all either the same or
at least interoperable. They can't work with NATO or the European Union
to use the same standards for the next two decades. They can't negotiate
setting procurement policy for governments. They can't give unbiased training
and advice or comparative test bed results for all of their competitors.
They can't pledge, "We will never patent, trademark or copyright anything,
and we will never try to leverage or file suit over our existing patent
portfolios. We will never stop selling or supporting a product as long
as the American government might need it, even if the government doesn't
pay us enough for that to make a profit." Companies have a legal, fiduciary
obligation to make money for their shareholders, while following laws
that change and sometimes conflict with each other from state to state
and country to country, and sometimes they go chapter 11 or 7, and sometimes
they get acquired. Companies are prohibited under anti-trust legislation
from colluding, and collusion, by another name, is a synonym for "mutually
agreeing on standards."
5. Myth: The U.S. federal government has a vision, mission, and
a plan for IPv6.
Truth: Only Japan, Korea, and China have a vision, mission, and plan for
their countries. Everyone else is floundering around in various states
of disorganization, with various people doing various things in uncoordinated
fashion. There is nothing even close to a U.S. Federal IPv6 Transition
Office, though there should be.
6. Myth: The Dept. of Defense will be implementing IPv6 by 2008,
and the DoD invented the Internet, so it's going to happen just like last
Truth: The 2008 date has become somewhat tenuous, nor does the entity
that made the mandate, the Office of the Secretary of Defense, have the
mandate or resources to fight with all the other government branches to
get them to implement IPv6. An easy way to see the level of priority is
to note that spending on IPv6 since the mandate has amounted to about
$10 million out of over $1 trillion, or 1/100,000th of the military budget,
or one-thousandth of one percent. The percentage is even less impressive,
if that's the word, if we compare it to total federal spending since the
mandate, around $4.5 trillion.
The first Internet transition was led by Dr. Larry Roberts (the founder
of six companies that have advanced the Internet industry, including Telnet,
which became Sprint), on behalf of DARPA, which I consider to be the greatest
agency in U.S. history, because it accounts for 1/3rd to 1/2 of all IT
advances that underpin the current IT industry. Dr. Roberts had "air support"
from then-Secretary of Defense Robert McNamara. The current Internet transition
is led by DISA, which has neither the heritage nor the "elbow room" of
the 1970's-era DARPA, an R & D shop filled with visionaries and dreamers
- which also didn't have the day to day responsibility of running one
of the world's largest critical communications networks.
This is not to say that DARPA is perfect, but rather that it took an
extraordinary agency with an extraordinary director, backed by the most
technocratic SecDef ever, with active Congressional involvement and with
hundreds of researchers all sharing their computers, papers, software,
and insights freely to make the first Internet work. Even then, it still
took over 20 years to get from the ARPAnet to the commercial Internet.
Part of the reason things took so long is that the DoD made the wrong
bet and abandoned TCP/IP leadership for over a decade, and time passed
by until another extraordinary director, Prof. Larry Smarr, then at National
Center for Supercomputing Applications, tasked his students with creating
Apache and Mosaic, which became the basis for current web servers and
web browsers. Thus, the DoD can't be counted on to stick with the New
Internet until it's a commercial success, and the last Internet was created
out of lucky accidents where the right director was able to run his own
show without interference, and there was a fortuitous combination of timing,
Congressional support and willingness to abandon legacy systems.
In short, everything that went right with the last Internet isn't happening
this time around. Expecting the same results (Internet leadership and
all the benefits arising from that), with less than a even a half-hearted
replica of the support, cooperation and involvement that the first Internet
received, is doomed to failure and frustration.
7. Myth: Federal agencies are taking IPv6 into consideration already.
Truth: Two different studies, one by the U.S. Government Accountability
Office and one by Juniper, both found that fewer than 10% of the federal
IT people interviewed had any knowledge of what IPv6 could do as well
as a plan to utilize IPv6. The last diagram of the GAO report has little
circles that are filled in when each of the top 25 or so agencies that
make up the bulk of spending had something accomplished with IPv6. It's
almost entirely blank. The GAO report has not been challenged -- no one
is claiming to have been treated unfairly.
8. Myth: Federal agencies don't need to know about IPv6 yet. It
Truth: IPv6 is already included in virtually all routers and operating
systems (with service pack upgrades for MS Windows), and IPv6 has features
including neighbor-discovery (and "neighbor" can be across the country
if it's close in a network sense) and stateless auto-configuration. In
other words, a hacker could wake up the IPv6 capabilities in one workstation,
server, or router, which could then turn IPv6 functionality on in hundreds,
possibly thousands of other machines. And here's the surprise: almost
none of these system have IPv6-specific firewalls in place. As far as
I know (please correct me by writing me at email@example.com) there is as
yet no officially tested and approved IPv6 firewall for classified information.
9. Myth: Classified networks require air gap separation between
them and non-classified networks, so if they aren't hardwired together,
there shouldn't be a problem.
Truth: Not everyone follows this policy, and people who have breaches
of classified information safekeeping may not report this in a timely
way, or at all. Moreover, IPv6 auto-configuration can be accomplished
over wireless connections. IPv6 has advantages over IPv4 for wireless
that have not been fully tested in large scale scenarios, though Germany
and Japan are way ahead of the U.S. in this area, but haven't published
their data in English, and no one has asked for a translation. Air gap
separation is not by itself enough protection. To be scary about it, classified
information might be stolen by foreign agents, with U.S. defense workers
not versed in IPv6 being none the wiser.
10. Myth: OK, so what's the problem if hackers use IPv6 to access
confidential or classified information? If no one has IPv6 plans, then
I can't be held responsible.
Truth: You can go to jail and lose your job for not securing your employer's
or sponsor's data, whether by intent or negligence - there are times when
ignorance is definitely not bliss. There are numerous federal statutes
that require keeping classified, or even private, data confidential, for
Executive Order 12356
Section 5.4 Sanctions
- (1) knowingly, willfully, or negligently disclose to unauthorized
persons information properly classified under this Order or predecessor
- (c) Sanctions may include reprimand, suspension without pay, removal,
termination of classification authority, loss or denial of access to
classified information, or other sanctions in accordance with applicable
law and agency regulation.
11. Myth: The U.S. is not behind Japan or other countries. All
they've done is put IPv6 in some buildings, dorm rooms, and taxis. Big
Truth: No, those examples are just what Japan's IPv6 Promotion Council
shows because it has authorization to show these examples, and they were
part of university studies, such as WIDE or KAME. In fact, there are over
370 companies implementing IPv6 into their operations in Japan alone,
with probably about half this number in South Korea and China combined,
compared to perhaps just 60 companies in the U.S. Virtually all of the
IPv6 implementations and applications that will bring competitive advantage
are kept secret, and, unless our intelligence agencies are re-tasked to
report on these, no one in the U.S. will know about them until it's too
late to catch up. (Unless we actually come up with something to share
on IPv6, and get into the loop).
12. Myth: No one is keeping track of who is leading in IPv6.
Truth: The laggards don't keep track, and the U.S. is an IPv6 laggard.
The leading nations do keep track. Here is a short article that has been
widely linked to, which I received in my email box a few minutes ago:
"Korea Owns World's Third Largest IPv6 Address Space
Sunday, 12 June 2005
Korea became the nation with world's third largest Ipv6 address space,
following Germany and EU. The nation is the first in Asia-Pacific region.
The Ministry of Information and Communication (MIC) and the National
Internet Development Agency of Korea (NIDA) said on Sunday that they
secured /20 Ipv6 addresses through APNIC, Asia-Pacific Network Information
The Ipv6 addresses Korea gained can give thousands of trillions IP addresses
to every single people on the planet.
The MIC said, "Securing Internet resources such as Ipv6 space is the
very fundamental infrastructure that can be compared to building highways
during industrial era. We would guarantee stable supply of Ipv6 in order
to realize a U(ubiquitous)-Korea."
Note that the U.S. isn't even worth mentioning -- it's not in the IPv6
13. Myth: The U.S. government doesn't have a good track record
in leading technology
Truth: The U.S. federal government has an excellent track record at leading
both technology and infrastructure, and especially technology infrastructure.
When the U.S. federal government has gotten involved, the U.S. became
a world leader for decades, as with the postal system, weights and measures
(until the 1970's, with the metric system failure), currency, canals,
railroads, telephony, radar, Black and White television manufacture and
broadcast, radar, satellites, interstate highways, airports, space launch,
the Internet, the integrated circuit, night vision, precision guided munitions,
and body armor. In those area where the U.S. federal government didn't
get involved as a leader, the U.S. failed to lead, as with 2G, 2.5G, 3G
(and soon 4G) mobile telephony, color television, smart cards, and, soon,
stem cell research.
14. Myth: IPv6 doesn't impact the economy or international trade
in any significant way.
Truth: The US is in big trouble, based on trade statistics, and whether
we lead in IPv6 will make a profound difference to thousands of industries
and to changes in our balance of trade. For most of the 20th Century the
US was a net exporter in virtually every category. Since Nixon, we've
been mostly a net importer of goods. Since Reagan, we've been a net importer
of capital. Since President George W. Bush's first term, we've been a
net importer of technology, and since his second term, we've become a
net importer of food. We have long been a net importer of both people
and labor. That leaves us with only three things we are net exporters
of: services, data, and media (TV, games, movies, and Internet-based content).
IPv6 will have a profound impact on broadband, telcos, ISPs, movie studios,
and international trade in services, data, and media. Look at what Sean
Fanning's Napster and DSL did to the music industry. IPv6 will be an enabling
technology to the unwary that could make the U.S. a net importer of services
and data, while making media a no-profit zone due to Intellectual Property
Rights (IRM) copying violations.
15. Myth: US companies are always the leaders in technology.
Truth: NTT Communications handles more IPv6 traffic and has more IPv6
customers than all US ISPs and telcos combined. It is running television
ads for consumers to advertise for IPv6. No U.S. company has ever prominently
featured IPv6 in major advertisements to date.
16. Myth: China is a third world country, and their use of IPv6
Truth: Some have estimated that about half of China's GDP growth (about
$125 billion a year) is based on purloined media and stolen technology
and reverse engineering, the first emerging superpower whose growth is
based primarily on theft of intellectual property (though the U.S. was
also prone to steal copyrights in the 1800's!), as well as just plain
copying. If China has IPv6 leadership, they will be even better pirates
(as well as legitimate competitors) than they are today, and no U.S. industry
is safely "off limits" to pirates, hackers, industrial spies, and even
17. Myth: If the U.S. federal government spends money on the Internet,
it benefits everyone, and the U.S. doesn't get any special advantage,
or return on investment.
Truth: The US federal government spent about $50 million on the IPv4 Internet,
and gets about $500 billion a year in extra revenue due to the extra growth
engendered by Internet-related activity in our $12 trillion economy. It's
fair to say that the U.S. federal government gets a million per cent return
on its investment in the Internet. There is also the fact that half the
world's present IP traffic goes through the U.S. (which also has half
of the world's major ISPs). Half of the U.S. traffic (and thus a 1/4th
of the world's) goes through Northern Virginia, where the ISPs are major
suppliers to the U.S. federal government (only the DoD has its own network,
out of 150 or so federal agencies); this level of trade and traffic generates
significant clout for the IT industry. U.S. Senator George Allen (R-VA),
for instance, has been a leader in the battle for a tax moratorium on
the Internet, which has helped the U.S. maintain IPv4 leadership. Thus,
the U.S. government and the ISP industry, as well as data-centric telcos
like MCI and wireless providers like Nextel, all benefit from the industry
In return for outspending the rest of the world's federal governments100
to 1 in the first decade of the original Internet, the U.S. got half the
Internet industry for the first decade of its commercialization. However,
the U.S. federal government is now being outspent 100 to 1 by other federal
governments on the New Internet (about $800 million to $8 million, by
my calculation). Americans can thus forget about having the same relative
position in the first decade of the upcoming IPv6 commercialization boom.
Instead of 50%, we will have less than 25%, perhaps as little as 10%,
of a market that will be much bigger than that created by the first Internet.
The U.S. Internet industry might even grow somewhat in absolute terms,
but it will shrink from a cat to a kitten relative to the rest of the
18. Myth: IPv6 doesn't impact the lives of ordinary people or "Joe
Truth: Joe Six Pack needs to either have a job, or get taken care of by
state government or the federal government. The U.S. federal government
got a $500 billion windfall during the 1990's in increased revenue due
in large part to economic growth that was due more to the Internet than
any other factor. A loss of Internet leadership could cause a surprisingly
large loss of both corporate jobs and of federal and state revenues, even
as millions of immigrants come into the U.S., putting millions of Joe
Six Packs into a position where they can't pay their mortgages on their
homes, just as many large companies go to court to try to shed their pension
19. Myth: IPv6 is already completed, so the U.S. government has
nothing to say.
Truth: IPv6 is about 10 to 20% finished, and there are over 100 hundred
RFCs (Requests for Comment) at the IETF, along with helpful suggestions
on how to "fix" problems or improve IPv6. According to the co-chair of
the IPv6 Working Group, "I can count on one hand the number of times anyone
associated with the U.S. government gave any input to discussions on IPv6,"
compared to, "I need the hands of everyone in my building for all the
times vendors gave input." Even now there are discussions and decisions
leading to how IPv6 will be used in very low-power and low-bandwidth wireless
networks, which will impact how data is taken from billions of sensors
to be purchased by the U.S. government over decades to come, and there
is no U.S. government input at all.
20. Myth: IPv6 is boring. Even the name is boring, and hard to
Truth: While reading RFCs is something only Internet experts gain pleasure
from, there are many aspects of IPv6 that can be learned quickly and painlessly
by programmers, manufacturers, designers, network planners, even CIOs
and elected officials, so that they can do their jobs better. IPv6 is
not a friendly name, which is why it is also called The New Internet,
which is easy to remember, and just needs to become a more standardized
reference for the protocol, rather than being used to describe new applications
that use IPv4, which, at 32, can fairly be called the Old Internet, since
that's longer than the life spans of most things, other than wealthy humans,
elephants, whales, viruses and microorganisms.
If you have your own myths, or corrections or disagreements with any
of mine, please send them to me at firstname.lastname@example.org,
and we'll create and update a myths section on our website.