85 comments

[ 3.3 ms ] story [ 143 ms ] thread
Coincidentally, I'm reading Where Wizards Stay Up Late about the development of ARPANet and it says:

> In designing the IMPs, BBN made it possible to loop the host and modem interfaces of the machine, so they could conduct “loopback” tests. The loopback test, which could be performed remotely, connected an IMP’s output to its input, effectively isolating the IMP from the rest of the network. This generated test traffic through the interface and allowed BBN to check the returning traffic against the outgoing traffic generated by the IMP.

So it seems like it was in there from the very beginning. No mention of the 127/8 address specifically though.

Great book, read it after a recommendation here. Even though I studied telecoms, the networking origins were still very hazy, knowing how everything started changes the perspective. As a software developer, I can even relate to some aspects of the effort.
The IMPs used an internal protocol that IP rode on top of. Like today, lots of networks use Ethernet at the physical layer today.
I guess this is related to the recent kerfuffle about to making (most of) 127/8 publicly routable to stave off the IPv4 shortage a little while longer.

We’re just delaying the inevitable. Sooner or later, the band-aid has got to come off. ~4 billion IP addresses are simply not enough for ~8 billion people.

So maybe we should just refuse to pile on more hacks and force the ISPs to get off their ass and upgrade their networks.

I hadn't heard about that proposal; do you have a link to discussion/source? It sounds like a Bad Idea and I'm curious for the arguments in favor.
Any effort that may be applied to reclaiming v4 address space will always be better directed to expanding global v6 connectivity.
Wouldn’t it involve mostly different groups of people?

IPv6 is now supported in the vast majority of operating systems and routers and firewalls. It’s now down to the carriers/ISPs to configure their networks to use it.

Ie the IPv4 issue is a programming issue, while the IPv6 issue is an administration/configuration issue.

Ie Ciscos software engineers aren’t the ones holding back your ISP from turning on IPv6. Cisco engineers aren’t toiling away adding much needed missing IPv6 features.

Unless I’ve missed something?

It's not that somebody is holding your ISP, it's that your ISP doesn't see IPv6 as something that they should bother doing (very low demand from customers).

And if that ISP happens to be one of those that decided that their core competency is marketing, and outsourced everything else, including network engineering... Well, than they view IPv6 as something expensive/risky (in project costs) in addition to useless.

> very low demand from customers

This actually pisses me off enormously.

It’s not that there’s low (or no) demand, it’s that people are not being recorded as having voiced this concern.

I can say for certain that over the last ten years when ISPs call to upsell their packages I always respond with “I’m not going to upgrade unless it gives me ipv6”. When talking to new ISPs I always ask if they support ipv6 and if not: when.

The answer is always “it’s not on the roadmap, we don’t have any people requesting this”- the follow up I usually ask is “are you going to write down anywhere that I am requesting this? Because others could say the same” and they always say that they won’t record my interest, even though it costs them an upsell or a sale.

So, I figured maybe I’m weird, maybe I am the only one. I have no way of knowing.

Except; I met someone else who also does this- we have the same ISP and they told him: “nobody has ever asked for this” which is categorically untrue since I have asked for this.

We’re being gaslit by the industry.

How many random people do you think will answer "yes" if you ask them if they 1) know what IPv6 is, and 2) if they want it?

Yeah, maybe some ISPs should be listening to their customers more (I heard tales of ISPs in the US), but in this they're not wrong: consumer demand really is low.

I've switched between IPv6-connected and IPv4-only quite a few times over the last 20 years due to moving to different countries with different options and was a fairly "early adopter" back in the day with the tunnels XS4ALL had, and even as a technical person I can't say I ever noticed the difference.

> How many random people do you think will answer "yes" if you ask them if they 1) know what IPv6 is, and 2) if they want it?

you can ask the same question about IPv4 and get same answers.

Yes, exactly. People don't care if they use IP or IPX or whatnot; as long as it works. And IPv4 does work, so people don't care.
> And IPv4 does work, so people don't care

I think this elides the point really.

People don't know when an issue is because of ipv4, for a good example: network issues in online video games are often caused by being unable to NAT punch, lag can also be because connection information is relayed by some far away STUN server. Same with in-game voice chat.

Usually you need to set port forwards to make games work properly.

In the event of GCNAT a customer has no possible recourse.

But nobody understands the issue is largely because of IPv4, they just assume that's how it is, and assume the same issue would exist with IPv6

Games, audio/video calls, screen sharing - any peer-to-peer traffic is a royal pain in the back with NAT and CGNAT especially.

Larger providers (zoom, apple/facetime, twitch, ...) just set up relay servers and avoid p2p altogether - which cost money, increase latency/jitter, and decrease privacy. You can argue all of that are hidden costs of sticking to IPv4 for longer than we should have.

Well, you can also ask general public whether they prefer SAE or metric fasteners, or mix thereof, in their car, and get the same blank stare in return.

But ask auto-mechanics, and hoo boy, will there be opinions.

Sure, but the argument was that there is a demand from the general public/customers, and that's clearly not the case.
> It’s not that there’s low (or no) demand, it’s that people are not being recorded as having voiced this concern.

It’s worse than that. People _complain about it being on_. Look at any forums about home network or WiFi troubleshooting and switching it off on your router will often be in the ‘first, do this’ sort of answers.

Even here this often comes up. The sentiment is ‘IPv4 has to work reliably because so many people don’t have IPv6 and things need to work for them. You’re only asking for trouble by also having IPv6’. As a practical matter it’s hard to argue with, but it’s not a way to make progress…

That's because quite often ipv6 is either badly implemented, or once you have it on, it changes ipv4 to CGNAT mode (hello, Liberty Media)
Furthermore, the lowest adoption tends to be in developing countries (Africa, parts of Asia and South-America), and I bet simple financial reasons are a decent part of the reason for that, if not the primary reason. The Indian government has invested quite a lot in IPv6, so it's leading in adoption rates last time I checked. This is good long-term thinking IMO, since developing countries are also the worst affected due to less addresses being assigned to them, but not every (developing) country has the means for that, and there are often other, more pressing, matters to deal with too.

Carrier-grade NAT (multiple consumers sharing the same IPv4 address) mostly averted catastrophic problems though. It's not perfect, but it works.

(comment deleted)
My point is more general. If you ever arrive at a notion which involves an attempt to reclaim v4 address space, it’s a specious conclusion and you need to refactor your premise.

A better use of your time and attention will be identifying what, within your scope of influence, can be done to further the reach of global v6 routing.

For a lot of people involved in the making of networking equipment, there is no scope of influence over increasing the global reach of IPv6. Maybe the documentation and sales folk.

I agree it’s more important that IPv6 rolls out faster and is more widely adopted today.

But as to your original claim “ Any effort that may be applied to reclaiming v4 address space will always be better directed to expanding global v6 connectivity.” is a false dichotomy.

ipv6 is untenable. We need ipv4.1.

Just add another octlet at the start, but stored in the options field. Old stuff won't get confused, and new stuff will know that empty means 1.x.x.x.x.

Problem solved.

How does that solve anything? Any hardware is gonna try to route packets to the "original" x.x.x.x and completely ignore this option field.
Over third of the world is happily using that untenable ipv6. That train left the station long time ago and is chugging along at steady pace now.
I fail to see how that is better than the already widely used NAT
The problem with this is that it requires hardware upgrades across the world: your computer, router, all the world's switches, a lot of software (e.g. software that stores IP addresses as uint32, but also native types that map to uint32), DNS infrastructure, etc. etc. etc.

This is basically the same problem as IPv6, except worse since we'll start from zero.

In hindsight, clearly a better plan than "this is IPv6, it's new, it's better, everyone will adopt it!" was needed for IPv6, and it would have helped if the IPv6 people were a bit more pragmatic from the start in their design (religious opposition to NAT springs to mind), but now it's about 20 to 25 years too late.

Easy to fix.

All we have to do, is explain that ipv6 reduces anonymity online, and thus, makes it easier for predators to track children. And thus, ipv6 endangers children!

This will enable a wellspring of governement grants, to roll out firmware updates for switches and routers, etc.

See? A non-problem.

i would LOVE it, if there was some project which would test popular appliances and linux at home, if v6(only) presents any problems...
What are users of these ISPs missing out on my not having IPv6? They need to rely on NAT for their devices, but that works fine as far as they know. Their IoT devices need to connect to remote servers instead of wait for remote servers to contact them directly, but that won't change how users interact with their devices so they won't care.

Maybe this isn't a serious enough crisis and we can just wait til it becomes a real issue for users. When it does, it will probably be incremental rather than catastrophic, so we'll still have time to upgrade networks piecemeal, and with more reason to do so.

> What are users of these ISPs missing out on my not having IPv6? They need to rely on NAT for their devices […]

This assumes that they can even get an IPv4 address. New ISPs and telcos may not be able to get enough IPv4 addresses to assign each individual connection one.

So either (a) the CPE only gets an IPv6 address and they have to use DNS64/NAT64 or 464XLAT to reach the IPv4 Internet, or (b) the CPE gets a shared address space (100.64.0.0/10) IPv4 address and CG-NAT ensues:

* https://en.wikipedia.org/wiki/IPv4_shared_address_space

* https://en.wikipedia.org/wiki/Carrier-grade_NAT

In which case the end-user gets to deal with double-NATing (first with their CPE/home router, and second by the ISP).

Case in point someone that is surprised that every customer gets a public IP address and CG-NAT is not done:

* https://old.reddit.com/r/networking/comments/uw0qwy/

>So maybe we should just refuse to pile on more hacks and force the ISPs to get off their ass and upgrade their networks.

I haven't recently looked at who has deployed what, but is this really it? US ISPs like Spectrum has been handing out IPv6 addresses for years now. My Verizon wireless phone can access IPv6 resources w/o issue as well.

However, show me the cloud services folks are implementing that are dual stack. Start mandating new service deployment is dual stack, and it'll happen. Similar to how the US Govt is pulling it off.

Right, consumer ISPs seem to be driving IPv6 adoption not lagging it. It's Big Enterprise, including all the supposedly "Cloud Native" companies, dragging their feet real hard right now.
The best answer in this old thread (Jan 2021, be sure to open the [thread] view) seems to be this:

https://elists.isoc.org/pipermail/internet-history/2021-Janu...

This, coupled with the previous answer that because the class A 127 had been reserved, it was hard to tell for backwards compatibility reasons what shenanigans had gone on in that whole subnet, seems to explain how we lost a whole class A subnet to the same function.
Thank you. This is wild.
that seems completely insane

that logic has been hard-coded inside every OS and vast amounts of software for 30+ years

and to gain less than 0.8%?

they'd do better targeting the reserved multicast range

> inside every OS and vast amounts of software for 30+ years

Ha. Ha. Ha.

> that logic has been hard-coded inside

The thing is what some things are literally hardcoded. I have a whole bunch of network gear circa 2010 in production.

It does support IPv6, but for the most part it is extremely rudimentary. What do you want from a box what implements SSH by running a telnet session over a no-auth SSH session?

And while I can run the latest Windows/Linux/Whatever on my server gear, the network gear is not that simple to upgrade.

>I have a whole bunch of network gear circa 2010 in production

I ran into this 10 years ago. I decided to roll out IPv6 to clients. Router docs said it was supported. Then I watched CPU usage peg because every packet hit the CPU. Turns out it was implemented in software; no ASIC support. Was quite the buzz kill.

Now consider that there are network components in the wild that have literal latch on first octet equaling 127 which triggers packet drop, and this proposal could drop hw acceleration for v4 too
What I don't understand is why IPv6 only has a single loopback address, instead of a /8 or /16. This would enable cool things like the OS mapping each subdomain of localhost to a distinct IPv6 address.
You can use ::ffff:0:0/96 or fc00::/7 for that.
Is it possible to just use ::ffff:0:0/96 to map them? e.g. ::ffff:7f00:0/104 maps to 127/8
Everyone suggesting that ::ffff:0:0/96 is a solution should note that not all network stacks are "unified". Windows' stack isn't unified (try accessing http://[::ffff:7f00:1]/ while having a loopback server and it won't work) and most non-Linux embedded OSes separate the network stack for size reasons (to the chagrin of IPv6 promoters, but most of them are simply trying to fit something into the half-MB EEPROMS like how most IoT devices don't have 5GHz Wifi support).
The server would need to bind to that address, and then it should work fine as long as that address is assigned to a loopback interface.

That's the same as any system right now. If I bind to 127.0.0.1 I don't automatically get traffic for or listen on 127.0.0.2

> The server would need to bind to that address, and then it should work fine as long as that address is assigned to a loopback interface.

... you haven't worked on Linux or Windows networking stacks. On Linux, typing http://[::ffff:7f00:1]/ when you have a bound server on 127.0.0.1 will automatically connect to 127.0.0.1. Conversely, it's a illegal operation in Windows: you cannot legally bind even with SYSTEM privileges.

What in the actual eff. Anything except actually switching fully to ipv6, amirite?

Trying to see the most charitable position here - is there an aspect in which redefining 127/8 to 127/16 across billions of devices is actually feasible?

I used to work tech support for an ISP years ago.... Trying to get people to find their modem and see if it was plugged into the wall was effort.

Imagine trying to get the same people to upgrade router firmware...... no chance

I assume that most ISPs push out updates automatically unless the hardware is user provided (and thus user supported)? I've been through several rounds of "we're sending you a new router" with UK ISPs where you're aggressively reminded to switch.
This is why the ISP routers and modems have all introduced remote updates from the ISP, sometimes going further with extra telemetry[0]. Not a great situation for those with the technical knowledge, but I don't think we can expect people to upgrade their router FW on their own.

0: https://old.reddit.com/r/ATT/comments/mqfy9a/just_got_our_ne...

I was pissed to learn that arris DOCSIS modems do not allow you, the owner, to install firmware updates or adjust most settings. Only the ISP gets to do that.
That's because bandwidth caps are enforced by the cable modem and not further downstream. When you pay for 10 Mbps down, 1 Mbps up, that is enforced by the cable modem.

Earlier versions of cable modems had flaws that allowed consumers to push configs on the ethernet port and uncap their cable modems and gain higher speeds than they had paid for.

Yep, what a silly design. I almost want to hack it out of spite.
If the ISP could add a paragraph to their T&C's, then monitor the speed...

"Thank you for upgrading your service to our VVVIP Price Tier! Your first three months as a VVVIP customer is 50% off..."

>If the ISP could add a paragraph to their T&C's, then monitor the speed...

They did, but the overhead at the time was high. And they generally didn't peruse unless you were causing trouble....or slipped up on OPSEC.

Cable ISP network security back in the day was horrid. SNMP string would get leaked. With that you could snmpwalk the entire node you were on. It was amusing.

That is true, there are people who use an ISP modem/router but what of the ones who don't, what of the android TV or phone is that doesn't get updates, what of that winxp/vista/7 computer that won't be upgraded.......?

There are so many other devices out there that are required for this change to work, it is insane to think it could be done.

> Imagine trying to get the same people to upgrade router firmware...... no chance

Which is why there are technical standards for the ISP to do it from their end:

> Technical Report 069 (TR-069) is a technical specification of the Broadband Forum that defines an application layer protocol for remote management and provisioning of customer-premises equipment (CPE) connected to an Internet Protocol (IP) network. TR-069 uses the CPE WAN Management Protocol (CWMP) which provides support functions for auto-configuration, software or firmware image management, software module management, status and performance managements, and diagnostics.

* https://en.wikipedia.org/wiki/TR-069

(At least on ISP-issued CPE.)

The router is the least of your problems. Consider all the devices connected to those routers which don't recognize 127/8 addresses as anything but loopback—some of which may never receive updates at all, never mind actually getting people to install them.
Anyone who is convinced that we really could quickly transition to a carbon-free energy future should consider the v4/v6 transition.

V6 has conquered big chunks of networking (mobile telephony) but deploying a v6 on the wider, public internet remains pointless.

IPv4 is not an existential threat
Sure, the analogy is not perfect — e.g. AFAIK there are no subsidies for v4 as there are for fossil fuels.

As far as existential threats go: everybody thinks locally and acts globally in most, if not all of their actions.

And existential threats and mortality are difficult for people to deal with. In fact there’s a whole branch of human activity devoted to that topic (religion).

I don’t mean to reduce the significance of the risk (I dropped my other work and now work in climate repair myself) but I think there is are fascinating and instructive lessons to be learned from this example.

The Internet with its AJAX/ReST architecture enabled by JavaScript in the browser lets you "link globally, interact locally"!

I just hope the Big AJAX Industry doesn't bribe congress to subsidize Fossil Protocols such as XML and SOAP, just to delay the transition to more environmentally friendly technologies like JSON and ReST.

NOTE: This packet is sold by net wait, not by volume. Packed as full as practicable by modern automatic equipment, it was delayed the full net wait indicated. If it does not appear full when opened, it is because contents have been compressed during shipping and handling.

I had never before thought of "think globally, act locally" as a description of the end-to-end principle.
For most people it's just means-to-end principle.

By "everybody thinks locally and acts globally" are you making fun of all that old hippie shit?

https://en.wikipedia.org/wiki/Think_globally,_act_locally

Announcement: The new official slogan is "act globally, act locally". Please update your programs.

Yes, regardless of ideals, I think my formulation is accurate. Nobody thinks of the polar bears when they drive their SUV a mile to pick up a loaf of bread.
Exactly, both won't (fully) happen until it's economically essential to make the transition.

The parts of the internet stuck on v4 (hard wired IPSs) won't move until is economical unviable to not use v6. Hopefully the rapid increase in v4 IPs price will eventually push them to sell off their addresses and move to v6.

In comparison, the parts of the economy dependent on oil/coal won't move until its more expensive to continue.

If only governments had some way of making it more expensive to continue using fossil fuels.
They could use further taxes but that would only negatively affect the poorer strata of population, as we are currently seeing with record high gas prices.

I have a hard time believing that big corporations can be pressured with this kind of policies, seeing that they can just pass on the extra costs down the line to the customers.

When do we base policy decisions on what's best for the poor?

No, I say it's the middle class: they can only just afford those big social signals they drive every day and don't want to give them up.

> They could use further taxes but that would only negatively affect the poorer strata of population, as we are currently seeing with record high gas prices.

Cut subsidies and give more money to the poor.

Except for the fact that McDonald's doesn't need to change anything for an electric car to use their drive-through. Literally the only thing that needs to change to move to (hydrogen|electric|whatever) for transportation is the refueling step. With IPv6 pretty much everything except the wires needed upgrading.
Decarbonization isn't just about cars. Currently, many homes have a furnace that burns fossil fuel, which can run from a small generator during a power outage. That generator could even use the same fuel as the furnace.

Switching to heat pumps means that our electric grids need to become a lot more reliable, both in terms of weather resistance and generation capacity.

I have lived many places with gas furnaces, and one with an oil furnace. None of them have worked when the power was out. The only place I have lived that had central heat when the power went out was an apartment with steam radiators.

All of the "currently need electricity" furnaces can be replaced with heat pumps without improving reliability of the grid. And if that is X% of the furnaces, we get X% of the total benefit by doing so. With IPv6, as long as each person accesses a single server node that is IPv4 only, then each person needs an IPv4 address.

One can run a gas boiler using an UPS (battery) to power it. In places where power outages are common people have them. A battery with the capacity enough to run a heat pump for at least several hours would be prohibitively expensive.
Again, if we replace every single furnace without a battery backup with a heat-pump, we get the majority of the benefit without any loss of utility. IPv6 transition has significant network effects, decarbonization has relatively few (with refueling being the primary one)
A slightly more insane but maybe a bit more practical would have been to try to move 10.x and friends into 127.x.
Ohh wow - I didn't think there were any serious proposals for this, this sounds like madness.
Keith Henson (who happens to be an old friend of John Gilmore, who wrote the internet-history post we're discussing) had to explain a geeky in joke about the 127.0.0.1 local loopback address, public ftp sites, secret copyrighted Scientologist OT religious texts, and a great troll of the usenet alt.religion.scientology group, in a legal deposition, under oath, to Scientology lawyers, while rolling on the floor laughing hysterically.

https://en.wikipedia.org/wiki/Keith_Henson#Scientology

http://smokyhole.org/kh/kh.htm

http://www.cryonet.org/cgi-bin/dsp.cgi?msg=6289

Readers of alt.religion.scientology were astonished to notice a large collection of alleged secret, copyrighted and trade secret protected documents of the church of scientology posted anonymously over the weekend of May 5. An expert source known to Biased Journalism verified the documents as authentic.

[snip--to transcript from a deposition of Keith Henson by the "Church" of Scientology. Lieberman is their lawyer.]

Lieberman: do you know who Patrick J. Volk is?

Henson: to the best of my knowledge I've never heard of this person.

Lieberman explains that Volk is apparently communicating from some educational institution in Pittsburgh. Henson still doesn't recognize the name. Lieberman hands Henson a document.

    From: hkhenson@shell.portal.com (H Keith Henson)
    Newsgroups: alt.religion.scientology
    Subject: Re: OT Materials...
    Date: 6 Apr 1995 19:35:38 GMT

    Parick J Volk (pjvst+@pitt.edu) wrote:
    :    Screw the courts....
    :    I have an ftp site for all the OT materials...
    :    ftp:127.0.0.1  /pub/texts/news/alt/religion/scientology
    :    I don't know how long I'll have it up.
    :    P J Volk
    :    (alt.2600 lives! All hail the clams and trolls!)

    Great stuff!  But don't you expect the 'ho to blow a gasket?
Henson: (cracks up) this is a great troll.

Lieberman: (acidly) you find this amusing?

Henson: yes. It's an in joke.

Lieberman quotes from the Volk post: "screw the courts" and also says that he has an ftp site for all the OT materials. "Mr. Henson is laughing hysterically about this posting for reasons that I suppose he understands--" Henson offers to explain.

Lieberman: What's an ftp site?

Henson explains that ftp means file transfer protocol. You can use almost any machine on the Internet to access a file on almost any other machine, that has been placed in an ftp directory, he says with relish. [He goes on at length about how this is done.]

Lieberman: Okay. "So when he said 'I have an ftp site for all the OT materials,' he is saying he has all the OT materials on a site which people can access." Was Henson aware of Patrick Volk's ftp site? Does this refresh your recollection? he demands.

Henson: well, you see right after the colon, it says ftp:127.0.0.1?

Lieberman: yes.

Henson: that's a loopback address.

Lieberman wants to pursue the question of the site with the OT materials. Was Henson aware of Patrick Volk's ftp site?

Henson: (patiently) It's at 127.0.0.1. This is a loop back address. This is a troll.

Lieberman: what's a troll?

Henson: it comes from the fishing where you troll a bait along in the water and a fish will jump and bite the thing, and the idea of it is that the internet is a very humorous place and it's especially good to troll people who don't have any sense of humor at all, and this is a troll because an ftp site of 127.0.0.1 doesn't go anywhere. It loops right back around into your own machine.

Lieberman [not getting it]: So the idea...

It works much better when you take advantage of the /8, and use an address like 127.23.213.58 -- works just as well, but far fewer people will catch on.
In the days of NCP, before TCP/IP (aka ipv4), the original ARPANET TIP manual "Users Guide to the Terminal Imp" (originally written in 1971 by William Crowther, one of the authors of Adventure) documents on page 5-4 the procedure for connecting an input and output socket of one TIP to an input and output socket of another TIP, through an unsuspecting host, so you could chat back and forth directly between two TIP dial-ups, without actually logging into the host.

https://archive.org/details/bitsavers_bbntipADA0eTerminalIMP...

It went something like @HOST #, @SEND TO SOCKET #, @RECEIVE FROM SOCKET #, @PROTOCOL BOTH, making sure the sockets were different parity so as not to violate the Anita Bryant clause with homosocketuality:

https://news.ycombinator.com/item?id=12422813

You could also add the octal device port number of any other TIP user on your same TIP after the @ and before the command, to execute those commands on their session. (See page 5-7, "Setting Another Terminal's Parameters".) BBN wrote such great documentation and would mail copies of it for free to anyone who asked (that's how I got mine), you couldn't even call it security by obscurity!