Comcast pushes IPv6 forward
But it's going to be slow going, and for good reasons. Despite all of IPv6's promise, there is still much, much testing to do before it's ready for prime time.
Today Comcast revealed that it has started an IPv6 "pilot market deployment" as the first step toward a nationwide rollout next year. Broadband providers like Comcast haven't rushed the switch to IPv6 -- despite an increasing shortage of IPv4 network addresses -- because support is lacking in everything from operating systems to network switches and other devices. Then there are security questions that only real-time use can answer.
"This first phase will support certain types of directly connected CPE, where a computer is connected directly to a cable modem", John Brzozowski, Comcast distinguished engineer & chief architect for IPv6, explains. "This will depend upon the cable modem (a subset of DOCSIS 3.0 cable modems, which will expand over time) and will also depend upon the operating system (only Windows 7, Windows Vista, Mac OS X 10.7 / Lion), which must support stateful DHCPv6". Comcast's list of cable modems numbers 74, but only three support IPv6.
Comcast's decision to start with the cable modem is sensible, but it could mean that, at least for the short haul, some customers won't be able to use their own attached routers -- many of which wouldn't support IPv6 anyway. Like other broadband providers, Comcast faces the challenge of supporting IPv4 while moving to its successor. Brzozowski explains:
It is also important to note that we are deploying native dual stack, which means a customer gets both IPv6 and IPv4 addresses. That means we are not using tunneling technology or large scale Network Address Translation (NAT). Using a tunnel introduces additional overhead compared to not using one (native IPv6), as your traffic must traverse a relay before going to the destination and back. And NAT technologies rely on two layers of NAT, one in your home (in a home gateway device), and one within the service provider's network that usually shares a single IPv4 address across possibly hundreds of customers or more... We believe those two layers of NAT will break a number of applications that are important to our customers.
Still, there's a painful transition coming:
- Most of the hardware currently available supports only IPv4 and may not be firmware upgradeable to IPv6 (in some cases because the vendor is unwilling and would rather sell something new).
- IPv6 will break many connected applications, a problem Brzozowski observes.
- Security of IPv6 networks is still unproven.
On the last point, Larry Seltzer explains in a June analysis:
The bottom line from observations like this is that IPv6 is not even in its infancy in terms of development. It's more like a fetus. And while clearly a lot of thought and experience went into the security design of IPv6, nothing is secure by design. It's a rock-solid certainty, as we gain real-world experience with IPv6 and malicious actors find incentives to research and attack it, that we will find serious security problems with it. We have virtually none of that experience today...The transition period to IPv6, Meyran says, will be especially dangerous because there's no way the security products will be mature enough to handle the environment.
Someone has to take the lead, before IPv4 network addresses really do run out. Comcast (and its competitors) is right to get things moving. Finally.