Visit Your Local PBS Station PBS Home PBS Home Programs A-Z TV Schedules Watch Video Donate Shop PBS Search PBS
I, Cringely - The Survival of the Nerdiest with Robert X. Cringely
Search I,Cringely:

The Pulpit
Pulpit Comments
November 02, 2006 -- The $200 Billion Lunch
Status: [CLOSED]

I miss the "printable format" option - no need for these side-bars on paper, and there is lots of wasted paper real-estate.

Amos Shapira | Nov 02, 2006 | 10:22PM

I too miss the old "printable format" - I used to point web designers to it as a great example of CSS print styles in action.

Area | Nov 02, 2006 | 10:27PM

Wow, the Chinese government bureacracy being a model of efficiency compared to the US free market? Who'da thunk it? I can feel cognitive dissonance setting in now.

Mr Angry | Nov 02, 2006 | 10:37PM

Haha, funny you guys mentioned the print command.. This is my first visit to the blog, and i went to print it out - but there is no print command!!
Just did a highlight > Print Selection (although a simple print command would have been better!)

Andrew | Nov 02, 2006 | 10:40PM

So when is Cisco taking on Microsoft? I mean as soon as we all have a static ip addr. they can sell us a small home appliance server with all the networking we ever need. In buying it we never have to worry about a Web2.0 company going under and taking all our data with it. We can build peer to peer social networks of any scale without flashing ads .... and Cisco can happily provide the hardware and software underpinnings for all of this.
BTW who is providing names for all of this, DNS was never designed to handle that many names. New tld's won't cut it. How may smith.fam can we get?

ronald | Nov 02, 2006 | 10:45PM

We are working to restore the "print this page" feature to its former and superior simplicity. Check back soon--Ed

Editor | Nov 02, 2006 | 10:48PM

"’s packets average 63 bytes, while IPv6 packets will weigh in at 87 bytes."

Um, would you be referring to packet headers? IP packets tend to be about 500 bytes. The claimed increase of 24 bytes in a total packet size of 500 bytes would be less drastic.

Please, someone, correct me if I'm wrong.

Kirk | Nov 02, 2006 | 10:49PM

My ISP (and most others) officially allows me to have a single IP address, for a single device. Additional devices are $5/mo. We all tend to get around that issue with routers and NAT to allow all our devices to share the one IP and appear to the ISP as a single device (shh!).

With IPv6, I suppose, our ISPs can (and will!!) enforce that per-device fee. That's not something I'm looking forward to, myself...

Kirk | Nov 02, 2006 | 10:54PM

Hey, I *like* NAT. I like having only one IP address to present to the outside world. I don't want all of my devices on my network to have static fixed addresses assigned to them by some outside authority. I like having my own private network and total control over it. Assigning static IPv6 addresses to every piddly little network print server is asinine.

I understand the need for IPv6 but this insistence on giving EVERYTHING its own static IP address is stupid.

Mike Persons | Nov 02, 2006 | 10:54PM

Do we all have to make the "Great Leap" together?

If China can be an IPv6 "island" in an IPv5 internet (through some sort of clever router tricks?), I'd think transition to IPv6 *could* be done over a much longer term than 3 years. Companies and organizations could create their own IPv6 "islands" too, and over the course of a decade or two (as old IPv5 equipment dies), we'd eventually all be on IPv6.

Barney Greinke | Nov 02, 2006 | 11:00PM

Barney Greinke: it's an IPv6 "island" in IPv4 Internet, not in IPv5 ;)


Denis | Nov 02, 2006 | 11:19PM

The paragraph about ATM is all wrong.

First, we are moving from a 4-byte IP address to 16-byte address, not 8-bytes to 32-bytes.

Second, IP packets get broken up into multiple cells and the IP address only exists in the payload of ONE of those cells. Note the section titled "Structure of an ATM cell" in the URL I provided. The IP address does NOT exist in the cell header; It is just a part of the payload.

BTW I'm no fan of ATM, and never was. It was a lousy idea that became part of mgt's buzzword-of-the-day and I wasted a lot of time trying to explain reality to them. Just try studying ATM LAN Emulation for a certification exam, and you're left wondering what they were smoking when they came up with that kludge. ATM is fading away and good riddance. Cisco has removed it from their certification exams.

Robert Yoder | Nov 02, 2006 | 11:21PM

The ATM address you refer to is more like the Ethernet MAC address. It should not be affected whether you run IPV4 or IPV6.

Bill Reid | Nov 02, 2006 | 11:37PM

Sometime ago you said in a colum that someone devloped a NAT replecement technology that might prolong IP4...

What about it ? They've got it wrong, it wont save us from the DOOM of IP6

And I've been asking myself why the companies didn't started buying (when they need expansion) IP6 compatible (while using IP4) routers, switchers and etc when the products started to appear

Goolic | Nov 03, 2006 | 1:12AM

Robert Yoder has it right. The change from IPv4 to IPv6 will not impact ATM any more than it will impact Ethernet. Your ethernet MAC address will remain 6 bytes whether you're using IPv4 or IPv6 (or IPX, AppleTalk, NetBEUI, ...).

The only network devices which will be impacted are those which are aware of IP. These days, however, that's most of them. If you want a good picture of the struggles ISPs are having, take a look at this presentation given by Comcast engineering.

David Cuthbert | Nov 03, 2006 | 1:20AM

I wonder why you think the transition to IPv6 will be so expensive?

Just about every operating system already contains the new protocol. Most big routers can be upgraded to handle IPv6. Maybe replacing all the Linksys type boxes in homes will add up to several billions of dollars, but that's largely going to happen regardless of IPv6 as people move to higher access speeds.

Although it's true that China has few addresses compared to the United States, it actually has a good number compared to similar countries: 90 million, with 30 million received in the last two years. That's more than ten times what India has. Have a look at the included link.

Within five to ten years from now, we'll run out of IPv4 addresses. Around that point, it will become attractive to run IPv6, and for most people the change should be fairly transparent. As others have said, IPv6 over ATM works just fine (I'm using it right now). 53-byte ATM cells have room for a 48-byte payload. The smallest possible IPv4 packets fit into that, but if you want more than a handful of actual data bytes per packet you need more. So IP packets are split up over a larger number of cells to allow for bigger packets. In fact, ATM AAL5 SNAP supports 4470-byte packets by default.

Iljitsch van Beijnum | Nov 03, 2006 | 2:31AM

NAT may have been a kludge, but it turns out to be a very useful one. Millions of consumers, who can't get it through their heads not to fall for phishing scams, are neatly isolated from most of the problems on the internet. It's hard to imagine all those grandmothers safely configuring firewalls for their connections when the unroutable addresses are gone.

And are we sure we really want to give up control over encryption? From an engineering perspective, it makes perfect sense, but from a political perspective I fear it's an open door for official mischief, of which there is quite enough already. If the carriers are providing the encryption, the governments can order them to provide unencrypted taps. The US government has demonstrated they are willing to play fast and loose with such things, and there are plenty of governments that are even less trustworthy than the US.


G. Armour Van Horn | Nov 03, 2006 | 2:39AM

There are two ideas expressed in this article which I believe are erroneous. Both have to do with the supposed security benefits of IPv6.

The first is the idea that IPv6 somehow "gets a finger in the leak" of spam and exploitable Windows boxes. I don't see that spam is relevant at all, except to the extent that it is produced from exploited Windows boxes, so I'll just deal with those. There is some validity to the idea that IPv6 will protect machines which are vulnerable to worm attacks, but NAT actually has this property too. A computer behind NAT is behind a firewall, and can't be addressed at all unless it initiates outbound communication first. In IPv6 the larger address space makes looking for vulnerable machines like looking for a needle in a haystack. IPv6 is not offering an advantage over NAT here.

With regards to IPv6 and encryption, the two are actually somewhat independent. We get (low-level) encryption through a separate mechanism called IPsec. Support for IPsec is mandatory in IPv6, but optional in IPv4. The reason that there's not a lot of IPsec happening out there is that there aren't many cases where the cost-to-benefit makes it worthwhile. It's also not true that encryption low down the stack is universally better than encryption high up the stack. The best kind of encryption for email, for example, happens at the top of the stack -- before and after delivery.

The Famous Brett Watson | Nov 03, 2006 | 3:03AM

The Office of Management and Budget has mandated the US Federal Government to transition to IPv6 (see )and that effort alone is ramping up vendors and jumpstarting efforts to move. If the military side of govt is likewise moving in this directio, there is an awful amount of momentum building for others to upgrade as well.

john | Nov 03, 2006 | 6:29AM

I have a linksys wrt54g router now. As you know it is flashable and there is even an alternative to getting the code you flash from linksys. Two questions arise:

Could my current router be upgraded to IPv6 by flashing new code into its EEPROM?

When the various 802.11n devices begin to interoperate between manufacturers, should I buy one or should I stall until IPv6 802.11n routers are available?

John Raines | Nov 03, 2006 | 7:00AM

This is really just a side comment... Most of the R&E backbones, e.g., National Lambda Rail, ESnet, Internet2, and so on, are IPv6-compliant today. The problem is in the instututional LAN's at the ends, where local swithces and routers are not. It is the cost of upgrading these institutional/campus LAN's that is holding things back, with big universities in particular wondering where they will find the money. As it stands today, IPv6 packets flow through and between those backbones perfectly well, they just can't get to or from the users.

Bill Wing | Nov 03, 2006 | 7:42AM

@ The Famous Brett Watson -

I think that the advantage of IPv6 re: Spam is that since each host will have a unique identifier, blocking a particular IP (that may end up being the NAT device) won't disallow traffic from an entire LAN, but only the particular host that is offending.

Dave Hawkins | Nov 03, 2006 | 7:54AM

I don't believe every address will have a static IPv6 address; that requires too much memory in routers. I don't believe the DoD knows what it is doing, especially for wireless connections, where naked IPv6 adds the smae unaffordable overhead the columns mentions for ATM.

Or is this a November fools joke?

skeptic | Nov 03, 2006 | 8:00AM

The 87 byte median packet size came from an SAIC statistical study of actual Internet traffic that ought to be correct. Yes, packets can be substantially larger but most aren't.

IPv6 offers a few security advantages but not very many and I am sure there will be new vulnerabilities uncovered as the networks go into operation.

I am NOT saying that IPv6 is a big improvement, but it appears to be inevitable.

Your WRT54GS is probably NOT upgradeable to IPv6.

As for ATM, it never made good sense to me. I just figured it was a telco scam just like Token Ring was an IBM scam. We can argue all afternoon about the packet configurations but that doesn't change the fact that ATM doesn't work well with IPv4 and will definitely work LESS well with IPv6. And the concerns I expressed reflect the current thinking at one of the largest defense contractors so if I am wrong then its a good thing we already whupped the Russkies.

Bob Cringely | Nov 03, 2006 | 8:15AM

Uhh....what about software upgrades?? ;-)

Can't all the existing routers (particularly the big backbone stuff) just have an "IOS" upgrade to get to IPV6? Clearly, some genius ISPs will come up with ways of supprting both old IP and new IP protocols on their network (maybe by using NAT!).

Steve | Nov 03, 2006 | 8:15AM

every device on the internet will have a publicly addressable IP? That's a nightmare waiting to happen especially with windows machines.

hescominsoon | Nov 03, 2006 | 8:24AM

I think you misunderstand ATM's 53 byte-cell structure. There's a 5-byte header on the front, leaving 48 bytes for payload. And moving to carrying IPv6 won't change that, since the ATM header doesn't include any IP addresses, but ATM VCI/VPI information. IPv6 packets will be segmented to run over ATL AAL5 just as IPv4 packets are segmented currently. See the URL for more details.

Austin Donnelly | Nov 03, 2006 | 8:31AM

aw man, this article is so off the mark, it's gone past just plain wrong. some of the more glaring factual inaccuracies: 1. ipv6 makes things more secure (it doesn't), 2. encryption belongs solely at the bottom of the network stack (security is not just a network stack function), 3. your new ipv6 address is your old ipv4 address with just a bunch of zeros at the start (dunno where this came from), 4. we'll have to replace all routers on the internet core (most of them are v6 ready right now, it's the CPE devices which have the problems), 5. average packet size is 64 bytes (actually it's just over 500 bytes), 6. we're replacing atm with ipv6 (ATM was dumped years ago, thankfully, and the two protocols are not comparible anyway), 7. china was doled out very few ipv4 addresses (this is a persistent but highly ignorant urban legend), 8. china switched the whole country to ipv6 (they did't - but several chinese service providers have dualstacked networks), 9. that USG policy will drive v6 implementation (it won't, just look at what happened OSI in the early 90's). And so on. If you're going to write opinion pieces, please ensure that your article is based on fact, not fantasy.

nick | Nov 03, 2006 | 8:35AM

oh, and get your terminology right. 87 bytes may or may not be the median, but the average (i.e. arithmetic mean) is above 500 bytes. There are a couple of frequency spikes, one at 64 bytes, one at 512, one at 1500 and one or two others - packet sizes are not evenly distributed.

And your WRT54GS is upgradable to support ipv6 if you want to jam linux on it. And Token Ring was not a scam - at the time, it was substantially better than ethernet from several technical viewpoints, not least speed, but it got left behind for cost reasons.

and, and, and....

nick | Nov 03, 2006 | 8:42AM

You state more than once that IPv6 will fix our security problems (at least temporarily). Just what do you base this opinion on? IPv6 will in no way affect the flood of spam, virusus, trojans, and network attacks currently plaguing the Internet.

Confucious | Nov 03, 2006 | 9:27AM

China, China, China. 'All i hear about lately is CHINA.
Next, you'll be telling me they are buying all our debt and furiously building a Naval power in the Pacific that dwarfs the 7th fleet so they can control all the oil lanes!

Wakey wakey. Rise 'N shine.

jimi | Nov 03, 2006 | 9:38AM

Security? My only guess as to why IPV6 might give some perception of security is that now computers don't need to 'hide' behind a NAT appliance.

It also makes it easier to 'secure the resources' of unpatched/maintained computers (hijack). This gives many net blackhats many more easier to acquire 'resources'. It also makes monitoring by RSA/M$/whoever else cares easier.

Just my .02pesos

servant74 | Nov 03, 2006 | 9:40AM

A number of groups have been running ipv6 for awhile. There was the 6bone network. There are 4to6 gateways. I think GM went ipv6 awhile ago.

I 1st heard a talk on ipv6 in '95 from someone porting VMS code. It was: change the library, recompile.

ipv6 does away with NAT, DHCP (your MAC is part of the address IIRC) and has something like ipsec built in.

tom | Nov 03, 2006 | 9:40AM

My Mac is ready for IPv6!

Eric | Nov 03, 2006 | 9:48AM

And so is mine!

Jer | Nov 03, 2006 | 9:48AM

I believe you are wrong about the effect of IPv6 on ATM networks. The address in an ATM packet is a virtual circuit address that is not tied to the IP address in anyway. The VC is used by ATM switches, not by routers. The IP address (v4 or v6) is not seen or used by the switching layer. It only comes into play when IP packets are pushed up from the ATM layer to the router layer.

Bob Pendleton

Bob Pendleton | Nov 03, 2006 | 10:16AM

If this were twenty years or even fifteen years ago, we would have ported the Internet to IPv6 by now. The opening of the Internet to businesses and the invasion of Microsoft has turned the Internet into frozen molasses, where even beneficial changes come at a glacial pace because they would cost too much money. Only the threats you mentioned is bring about conversion, but even that will take years to bring about.

Andy | Nov 03, 2006 | 10:18AM

Every time we hear about change, the inevitable whining about "It's too hard", "It'll never work" and the like pops up. This issue is bigger than just the way the internet works. It's ultimately about they way we see and use technology.

Wake up folks. If you're whining about the difficulty of a thing, then embrace the change and become part of the force that shapes it, adopts it, adapts to it and makes a change work better than it was intended to. For those of us working in tech/media, we have to lead the way. Look at how open source coding has been a force in shaping how IT has evolved. Look at how black and whit hackers have shaped (for good and bad) the way we use the Internet. Look at how corporations have embraced the digital future because they know that it's they way they have to do business to survive, and ultimately, thrive.

I am old enough to remember when graphic designers, pre-press operations, TV and radio stations were dragged kicking and screaming from the days of linotypes and reel-to-reel editing into the computer age, and almost all of them were crying about the expense and the learning curve...until they began to use the technology and go faster, further and not only expand their bottom lines, but their creative capabilities. If we adopt, and invest in new tech like IVp6, and develop a culture where new tech is not seen as a curse, but an opportunity.

We may be in the 21st century,and we may use computers and digital devices instead of stone tools, but the basic facts remain the same:
1. Technology is tools, whether they are rocks, fire, wheels, wood or laptops and software. It's how we use them that makes the difference.
2. Better tools can make a person's existence better, but it's still up top them to learn how to use them to their best advatage--and choose the right tools for the job.
3. Living in fear of the future is condemning one's self to be stuck in the past.

Whiners wither and die are are led like sheep through their lives not knowing any way better to deal with change.

Adapt, overcome, innovate. Learn and lead thyself and those you care about.

Mark Ryan | Nov 03, 2006 | 10:20AM

Asynchronous Transfer Mode (ATM) can handle IPv6 packets. The slightly longer packets will be encapsulated into slightly longer ATM Adapatation Layer 5 (AAL5) frames and sent as cells just as they are with IPv4. ATM uses a 5-byte header to hold a VPI, VCI, Flags, and a checksum), not an 8-byte header as was mentioned in the article. For long packets, the overhead of the extra data will only incur the cell tax (5 bytes per 53 bytes, 9.4%). A 40-byte TCP ACK packet just fits in one ATM cell when the 8-byte AAL5 trailer is included. An 87-byte average-length IPv6 packet will fit nicely in two ATM cells.

John Lockwood | Nov 03, 2006 | 10:29AM

Tom, GM is still IPv4 (I'm in their IT deptartment). GM is generally on the dull trailing edge of technology changes.

Nathan | Nov 03, 2006 | 10:34AM

(hint: PAL is better but we don't have it).

PAL flickers noticeably compared to NTSC. Perhaps not everybody notices that, but then again you'd be surprised how many people still run their monitors at 60Hz refresh rates and don't see this as a problem.

David | Nov 03, 2006 | 10:35AM

We seem willing to credit the Chinese with being forward looking and progressive, and don't consider that there may have been other motives. Whether it's the RIAA looking for you, or the Chinese looking for dissidents, I have to believe that a fixed static IP address can only make that job significantly easier. In fact, wherever you hook your Ipv6 equipment into the network now (or soon), they'll immediately be able to pinpoint it to you at that location.

Now is this a good thing, or a not so good thing? You decide.

David | Nov 03, 2006 | 10:59AM

Yawn... When, oh when, will you get back to doing what you do best -- brown-nosing Apple and bashing Microsoft? I miss the old, gossipy Bob.

Johnny | Nov 03, 2006 | 11:17AM

How about making an option for your PBS website where the user can choose the classic (Frog) theme or leave it at the current red/black theme?

Philip Wall | Nov 03, 2006 | 11:34AM

I don't think you understand how ATM addressing works. It's closer to a MAC address than an IP address. The VPI/VCI combinations can stay at the same size with IPv6 as they are with IPv4.

Dave Weis | Nov 03, 2006 | 11:36AM

> A bad, bad thing. Wouldn't there still be a way for proxy servers or something to screen IP's from public view? A bank, for instance, wouldn't want its electronic transfers traced to a specific box and location. Is there a guarantee that spammers, mad bombers or kiddie porn would not still be able to spoof legit addresses?

Tom | Nov 03, 2006 | 11:37AM

Bob, I enjoy your articles, and been waiting for NerdTV season 2 for forever... but you don't know jack about networking.

NAT is limited, but it's a natural, easy to deploy firewall, which is good for all of the users out there that don't know jack about networking.

IPv4 is a pain for most users. IPv6 is going to be a bigger pain. Most users do not live in Silicon Valley, and know the OSI model, or how an Ethernet driver works.

Your ATM explanation is weak. You have fragmentation either way, and there is always an ATM header either way. Also, most interesting traffic more than 63 bytes. TCP/IP payload packets are typically in 500 byte range, and that's the traffice we care about the most.

The same IPsec that is available in IPv6, is also available in IPv4. Arguably security needs to happen at the application layer. How does the application know if traffic has been truly encrypted and secure? And IKE is only useful for authenticating hosts. SSL allows authentication of a user and application, which is better than knowing that the system connecting to is an encrypted tunnel connection. The identity of the other system is much more important!

Identity will not be solved by IPv6. Government would like to think identity will be solved, or atleast they can point the figure at someone and hold them accountable for something they may not have done.

IPv6 is not the silver bullet everyone is making it out to be. It solves some interesting problems, but it doesn't touch the real problems facing network; IPv6 does nothing for SPAM, illicit traffic. And the end of the day it replaces NAT, and then users will need to know what a firewall is, or be relegated to buying a new Dell every couple of months.

J | Nov 03, 2006 | 11:39AM

You dont' not get your IPv6 address by adding 0's to yours... Really Bob, this is one of the worst researched articles I've seen from you... ATM, as others has pointed out, doesn't really care about an IP header, its all payload. So packets are a little bigger, but thats just the way things are.

Side note, almost all routing equipment has the most difficulty forwarding smaller packets are wire speed, so this will make hardware vendors that typically have 64byte problems look better...

As for other comments about Hardware (which i do for a living), you cannot just upgrade your IOS, JunOS, or whatever, to IPv6 code and expect it to work UNLESS there is specific support for IPv6 in hardware. Even in ethernet switches some support for MLD is required to be truly IPv6 compliant. Routers, they need to support a host of applications including Router Agents that can assist hosts with auto configuration, OSPFv3, new multicast protocals, etc...

Even more lacking is the expertice in this area. How much is a good IPv6 Network Engineer worth? My guess is they have less than 2 years practical experience, and probably speak Chinese or Japanese as their primary language... US has a ways to go...

Steve D | Nov 03, 2006 | 11:39AM

Earlier poster expressed concern that their ISP could see LAN machines attached to an IPv6 router and might be charged for the extra addresses. Would an IPv6 router not show only its address to the WAN? This also brings up the question, who or what decides what the IPv6 addresses are for the machines on my LAN?

slimcat | Nov 03, 2006 | 11:41AM

Yaawwwwwnnnnnnnnnnnnnnnnn .........

Anon | Nov 03, 2006 | 11:45AM

Remember when we were going to have to all convert to metric to be competitive in the world economy?

Pine Grove | Nov 03, 2006 | 12:12PM

Well, I hate to say it, but NAT isn't going to go away with IPv6. No corporate IT person wants their internal network host addresses visible to the outside world. They will continue to use private IPv6 address spaces behind some sort of NATed firewall.


beowulf888 | Nov 03, 2006 | 12:45PM

I don't think there are many personal privacy laws in China.

Will IPv6 facilitate spying on consumers by corporations?

"Hmmm, he sets his toaster to level 3..."

jimbo | Nov 03, 2006 | 12:49PM

Bob, it isn't an issue for ATM (which is it's own disater), sure, the amount you can send in one packet is very small, but you generally set up channels, and leave those up, tunneling your ip traffic though them. Heck, ATM has only 48 bits of address space. It was a bad compromise from the days when telcos thought voice was the important thing.

Ronald Pottol | Nov 03, 2006 | 12:52PM

If you bought your WRT54GS recently, forget about upgrading it. Linksys (and many other mfgs) upgrade their devices to reduce cost. A later rev number does not always mean better to the consumer. The latest WRT54GS has smaller memory and does not run Linux anymore.

Search URL ( for Linksys version.

Bob Gustafson | Nov 03, 2006 | 1:10PM

ATM is complex. However, it also solves the QoS problem that bloats the bandwidth requirement of IP.

IP, as a 'best efforts' packet protocol can only provide voice quality QoS by requiring extra bandwidth so IP packets can get through the net without jitter or delay. In the last 4 years, there has been a surplus of fiber bandwidth, so IP has gained ground. This will not continue forever.

Perhaps the switch to V6 will provide a boost to ATM. The only change needed to ATM is to the software at the adaption layer (already done in most hardware).

Having ATM to the desktop (or home gateway box) would provide a nice QoS pathway for all those new applications waiting in the wings. Those 53 byte packets fit nicely into a cheap, pure silicon adapter.

Bob Gustafson | Nov 03, 2006 | 1:23PM

Yes, IPv6 will slowly resolve the current IPv4 address shortage -- but never, ever think that NAT will disappear. Looking at the world of security and minimizing external network exposures, watch for a new generation of NAT (RFC 1631) that operates under IPv6. There will always be room for NAT technologies.

kroe | Nov 03, 2006 | 1:26PM

Duh, You want rice with that?

cowhide | Nov 03, 2006 | 2:18PM

ATM has been dead for years! V6 will kill it on the wan which is the only place it is now being used to any extent. V6 certainly won't insipire changes to a dead technology. Anyone running voice on their IP network realizes you don't need ATM's 53 byte cells and that IP has more than adequate QoS mechanisms.

Billy Ray | Nov 03, 2006 | 2:25PM

" As such, a passive unprotected Windows system on the net can be infected with some kind of pathological code in a median time of minutes. Converting to IPv6 addressing would be a chance to at least get a finger into that leak."
I don't see how this follows. The elimination of NAT will expose more boxes, more open ports to the big bad untrusted world. It'll initially make the security problem worse, not better.
Sounds like job security for the firewall, antivirus, and data recovery professions to me!

Rick | Nov 03, 2006 | 3:26PM

We've been told that ipv6 is "just around the corner" for about a decade now, and in the mean time we've discovered that having regular network clients on a publicly routable IP address is a really, really, really, really bad idea. I vote we force some recarving of the generously handed out A classes which went to big corporations in the past, and see how it goes from there.

As long as I still need to use an 6to4 bridge kludge to replace a NAT kludge...fsck it, ipv4 works fine.

Fred | Nov 03, 2006 | 3:27PM

So who stands to make the most money from the conversion to IPv6? Cisco? Verizon?

G | Nov 03, 2006 | 3:43PM

It makes perfect sense to me that a totalitarian regime like Communist China would love to be able to track Internet traffic all the way down to a specific machine.

What a wonderfully chilling way to stifle free speech and political dissent!

The CIA, FBI and NSA here in the States must surely love IPv6 for precisely the same reason.

Love Live Big Brother!

Winston Smith | Nov 03, 2006 | 3:56PM

IPv6 will be here right after digital HDTV.
Both have been empty promises for so long, no one takes them seriously anymore.

Mike | Nov 03, 2006 | 4:39PM

Maybe 87 bytes is indeed the median packet size, but how is that relevant? What counts is the average, which is around 500 bytes for nearly all networks. Stuff like DNS and VoIP generates fairly small packets, but most applications use TCP which will make packets as large as will fit (generally 1500 bytes) with 40 byte (60 with IPv6) acknowledgments in the opposite direction.

IPv6 is an improvement in some regards. It's much easier to build an IPv6 (-only) network because addressing is no longer a complicated issue: each subnet has virtually unlimited room for hosts, and you get plenty of subnets. People tend to be worried about the lack of NAT, but you can still have stateful filtering and there are unique local addresses for stuff that shouldn't talk to the internet.

Security low in the stack = IPsec does have a very big advantage over doing the same thing higher up the stack: you get to protect protocols such as TCP too. With SSL, it's still possible to disrupt TCP for the purpose of denial of service. IPsec isn't vulnerable to this. Too bad nobody has figured out how to use IPsec in the places where we use SSL today, though, even though IPsec is present in operating systems that support IPv6.

ATM has one very useful property: it allows service providers to multiplex different higher-layer services over the same network. Here in the Netherlands there are a few companies that handle last mile DSL service, but they resell their service to many different ISPs. ATM allows them to set up virtual connections from each customer to the right ISP. However, ATM has many problems. Fixed cell size means a lot of overhead and small cells means switches run hot at relatively low bandwidth. When the ATM network becomes congested, you can have some real fun. For instance, when there is room for 90 cells but you have 10 packets with 10 cells each, 10 cells are dropped. These are very likely cells from different packets, which can then no longer be reconstituted. So 10% dropped cells can lead to 40 - 60 % packet loss. And all the ATM QoS services are based on dropping cells...

Iljitsch van Beijnum | Nov 03, 2006 | 5:20PM

i dont know baout anyone else but the thought of people being able to see not just one ip address but every single one on the network, and then the headache of protecting every cellphone, computer, gaming console, music player, stereo and endless other devices that are currently exploiting wifi and the internet to add to their functionality. I dont want someone hacking into my nintendo wii and deleting my saved games, LET ALONE my precious computer! address shortage or not, NAT will live, and i would hope so. It is considerably harder to hack something if all you can see is a stubborn router.

mooglinux | Nov 03, 2006 | 5:38PM

It is comparable to NTSC vs. PAL television
standards (hint: PAL is better but we don't have

Hint: while this is basically true, it's also telling that nobody cares. PAL isn't enough better to matter.

As things stand right now, something over 30 percent of Internet packet traffic is illicit, either spam email or attacks of various sorts. [...] Converting to IPv6 addressing would be a chance to at least get a finger into that leak.


Dan Pritts | Nov 03, 2006 | 5:39PM

so much for trying to format my posting.

maybe this will work.

It is comparable to NTSC vs. PAL television standards (hint: PAL is better but we don't have it).

Hint: while this is basically true, it's also telling that nobody except video geeks cares. PAL isn't enough better to matter. HD is enough better to matter, and guess what - it's selling.

. As things stand right now, something over 30 percent of Internet packet traffic is illicit, either spam email or attacks of various sorts. [...] Converting to IPv6 addressing would be a chance to at least get a finger into that leak.


bottom line, ipv6 is coming, you're right. But it is not a panacea for all the ills of the internet, and I don't believe there is any competitive disadvantage for the US in not having it. servers that are worth talking to will have v4 addresses for the foreseeable future, and when we get down to the wire, there will be, you guessed it, something like NAT to talk to those v6 devices.

regarding NAT providing security, sure thing, it does; but you could have a simple v6 router/firewall that provides the same security functions for the same cost, but will allow your applications to work better. That's the real cost of NAT, broken applications.

Dan Pritts | Nov 03, 2006 | 5:45PM

Mike...There is little to no reason for the millitary to encourage HDTV, yet with IPv6 they have a much more vested interest. THAT is why it will happen, not because we as a country need it (yet).

Bob...I know this is not the point of your column, but PAL isn't exactly better than NTSC. The frame size is so minutely different that it barely matters. The only thing that makes PAL look better is it more accurately represents video that was shot on film. Other than that I have to encounter any other instance in which PAL is superior.

Steven Sokulski | Nov 03, 2006 | 5:47PM

"The good parts about IPv6 include ... much easier tracking of data on the net."

A politically adventurous Chinese citizen might list that among "The bad parts about IPv6". (And it might also be another motivation for China's early adoption?)

Paul Brogger | Nov 03, 2006 | 5:56PM

It's really not that hard, most of todays routers already support it as well as most operating systems and you can still run v4 and v6 on the same network. Bob is right in the fact, that it will just turn out to be a money pot for all the "sky is falling" consultants preying on uninformed mangers just like Y2K was a huge waste of time and money.

Bill Dagy | Nov 03, 2006 | 6:11PM

I am a COBOL programmer. Do any of you shops out there need tu upgrade some code?

Richard Lick | Nov 03, 2006 | 6:38PM

China really has no choice. As late-comers to the Internet, they got the network address crumbs. But while the hype is that every toaster will get its own IP address, the reality is that there are plenty of addresses still available. They are just 'embedded' in class A, B, and C networks, which has proven to be a horribly inefficient way of dividing up the address space.

Each of the 126 class A networks (network 10 being one of the 2 NAT'ing networks) has 16 million addresses. The US DoD owns several of them, while a few companies like AT&T and Verizon own some. The rest are 'arpa reserved'. The companies are carving them up and leasing them out. The DoD uses a lot, but not nearly as many as they own.

Each of the 16,000 class B networks has 64,000 addresses, and some companies own 2 of them. But many (most?) of the owners are using a lot less than the available addresses.

Then there are the lowly class C networks with 126 usable addresses apiece. With 2 million of them, the 2(!?!) broadcast addresses per network account for 4 million unavailable addresses. Most companies own 1 to several of these networks, and you know that almost none of them are using exactly as many as are available, so there go another 2/4/6/8/10 million addresses.

And don't forget class D or multicast. This is one of those 'seemed like a good idea at the time' mistakes. Multicast is certainly being used, but not to the tune of a half billion addresses.

Yes, the DoD is trying to force a top-down IPv6 roll-out, but is facing the same inertia as the rest of the country. It's the old story of rebuilding a moving train. IPv6 will be on the battlefield before it's in the offices, because battlefield networking is comparatively new. But Cisco is going to make a fair amount of money on v4-v6 gateways before they clean up on IPv6 routers (because you know that the bean counters are going to believe that paying half now and three quarters later is a good deal!).

As far as IPv6 security, you get encryption and authentication. This will probably eliminate brute force and spoofing denial of service attacks. But since the vast majority of vulnerabilities are at the application level, which is exploited by data in the packet payload, IPv6 will have very little impact on the current security picture, other than to make things more difficult for network intrusion detection systems. In fact, I will be surprised if it has any noticeable effect on spam.

Don't get me wrong, IPv6 is a significant improvement over IPv4, and the (real) inventors of the internet did something that had never been done before, so I am not faulting them for the fact that it is less than perfect. However, IMHO, the entire TCP/IP protocol needs a makeover. Of course, I cut my teeth on IBM's System Network Architecture in which every bit in every packet header (and even some of the payloads) is explicitly defined, and you won't find the word 'should' anywhere in the protocol specification.

JJS | Nov 03, 2006 | 7:15PM

As a small addendum to Mr. Lick, last I checked each Class C address includes 254, not 126, usable addresses... 253 including the router needed to actually talk to someone else.

His general conclusions are still valid. IPv4 isn't so much completely exhausted as it is horrifically inefficiently allocated. IPv6 does make a good go at helping with that due to the partitioning of separate client and network sections.

What I worry about is that most ISPs charge extra (often a lot extra) for the priviledge of having multiple IPs in your home (in the worst cases you get bumped up to "business class" pricing). With NAT, as far as the ISP knows you really are only one system...

B.C. Bennett | Nov 03, 2006 | 7:28PM

Why not simply take the existing IPv4 addressing and convert it to hex? The new equipment would still be able to read old IPv4 addresses, but would also accomodate values beyond IPv4's limitations.

I don't remember much of my study of IPv6, but I do remember thinking, "I'm going to have to type all that crap just to ping a box?" (x.x.x.x::y.y.y.y not withstanding).

Bob, you mentioned Halliburton. That was a mistake - you were warned . . .

Edification awaits ->


More good truth and unbiased factual stuff here ->


Kiss your Bill Moyers poster good night and go back to writing about technology.

Politics ain't yer thang.

Cpt. Caveman | Nov 03, 2006 | 9:18PM

Just when I was feeling good about Vista moving to IP6 suddenly it's just another awful thing. Does it count for anything that Linux and Macs have had IP6 compatibility for a while?

Ephilei | Nov 04, 2006 | 12:24AM
Uhh....what about software upgrades?? ;-) Can't all the existing routers (particularly the big backbone stuff) just have an "IOS" upgrade to get to IPV6? Clearly, some genius ISPs will come up with ways of supprting both old IP and new IP protocols on their network (maybe by using NAT!).

In fact, it's just the opposite. Cheap routers will be able to do with a software upgrade; expensive big backbone stuff does the routing in custom silicon.

that said, anything in that category that's been introduced in the last 5 years (probably longer) already handles v6 in hardware.

Dan Pritts | Nov 04, 2006 | 12:44AM
Uhh....what about software upgrades?? ;-) Can't all the existing routers (particularly the big backbone stuff) just have an "IOS" upgrade to get to IPV6? Clearly, some genius ISPs will come up with ways of supprting both old IP and new IP protocols on their network (maybe by using NAT!).

In fact, it's just the opposite. Cheap routers will be able to do with a software upgrade; expensive big backbone stuff does the routing in custom silicon.

that said, anything in that category that's been introduced in the last 5 years (probably longer) already handles v6 in hardware.

Dan Pritts | Nov 04, 2006 | 12:45AM

Great article! Enjoyed the read and greatly apreaciate the time you have put into this.

Michael Skelton | Nov 04, 2006 | 2:55AM

What does Halliburton have to do with IPv6?

Jeremy Miller | Nov 04, 2006 | 2:55AM

Michael, Halliburton has everything to do with government spending.

yottabite | Nov 04, 2006 | 3:20AM

"What does Halliburton have to do with IPv6?" Halliburton does s lot of military contracts, and the military is planning on going IPv6 only. That means Halliburton gets a lot of new contracts for new hardware.

Jeff Morton | Nov 04, 2006 | 3:28AM

Most of the big Cisco iron can be upgraded to support IPv6, usually with just a software version upgrade. A lot of the smaller Cisco gear can be too. I'm not terribly familiar with any other brand, though.

Has anyone come up with a way for IPv6 and IPv4 to talk to each other without translation yet? That is ... have the difficulties in Dan Bernstein's IPv6 paper been addressed?

Until these problems are resolved, you're just trading one form of NAT for another, and I doubt it's as straightforward as the current form of NAT.

elyograg | Nov 04, 2006 | 5:59AM

or consultancy. deisgn. risk assessment. etc

ss | Nov 04, 2006 | 6:11AM

I am looking at my Macs and my Linux boxes any they are good to go. Airports good to go. Linksys not so sure, but I never loved those anyway. Motorola Surfboard and the rest of the cable network, no idea but knowing them they never thought of this. I would be happy with the bandwidth I contracted to pay for but have never gotten.

GregR | Nov 04, 2006 | 8:28AM

IPv6 over ATM is no big deal. The solution is Multi-Protocol Label Switching (MPLS). Each packet carries a 1-byte label, and each router has a table mapping incoming labels into outgoing connections and new labels. The upshot of which is that you can move IPv4 and IPv6 traffic over ATM networks efficiently without needing n*n virtual circuits or a packet header in every cell.

Paul Johnson | Nov 04, 2006 | 10:13AM

I'm not a techie, so would you please write a column on what this will mean to the average guy with a Mac and a PC, VOIP, cable modem, a slingbox, and a Linksys router? Although I'm not a techie, I'm a pretty good early adopter, and I have all this stuff. I already know my Linksys (Vonage) router will be toast, because I can't even get it to work with my Slingox.

francine hardaway | Nov 04, 2006 | 10:45AM

I am not an expert, but I believe that the ATM level has 53-byte cells which only needs to carry the media address of the layer-2 next hop, and another ATM layer - the AAL5 layer - is used to group cells so we can have up to 4700-byte MTU. The AAL5 layer reassembles the cells, and it's this layer that dictates the MTU. This is why packets with Ethernet sized MTUs of 1500 can get across ATM without needing to be fragmented. If IPv6 was transported directly across the base ATM layer then we'd have a huge problem, but with the AAL5 layer it's no biggie.

Gavin Owen | Nov 04, 2006 | 11:25AM

I attended the SCTE tech expo this summer in Denver. Cisco had a very large booth with all their fastest stuff. Off on the one end, there were 3 PCs and phones running IPv6. I talked to the Cicsco dude for a few minutes and the one thing I took away was that there were 3 groups pushing for IPv6: The federal government, Comcast, and Time Warner/Roadrunner.

The vision from Cisco is that we will have a home home subnet for connecting all of our devices, including STBs and wireless phones. While this is possible today, imagine buying an IP phone, plugging it in, and having it autoprovision with a call manager in the cable headend. To the customer, it just becomes another extension, no muss, no fuss. Since the call manager will know the device based on the subnet, the customer won't even need to call in to have it put on an account or anything else to get it activated.

Compare that to what would need to happen today. The customer would need to contact their VoIP provider to get the phone activated. Then the phone will need to contact the call manager. The VoIP provider will need to make sure the CM knows about the device and any authorization necessary. All this takes time, introduces mistakes, and requires people in the loop.

Star Raider | Nov 04, 2006 | 12:04PM

In the end, IPv6 is going to make a huge amount of noise for years, and end up coming in with a whimper, as people continue to use essentially identical networking hardware and software. The only difference most people will ever notice is that IPs are written differently. Otherwise, honesly, why should I (as a network admin) even care? I don't work for a telephone or cable company, let alone the many people who don't even know what IP is.

I'll continue to manage my networks in exactly the same way (NAT and all) with IPv6 as IPv4, though subnets might be divied up differently. I'll still need departments firewalled off from each other in order to limit exposure, so the promise of more-than-class-A is superfluous. I'll still need firewalls, antivirus, and content inspection, because IPv6 won't magically make bad guys stop port scanning, spamming, and hacking. I'll still use DNS for adressing, as it should be, and leave routing to the routers.

foxyshadis | Nov 04, 2006 | 4:59PM

The mentality that has decided that NAT needs to be removed is foolish.

IPv6 will not be around forever. Eventually, something will come along to replace it. If you thought the migration from IPv4 to IPv6 was slow, just wait until every household appliance and gadget really does have its own IPv6 address and no support for NAT when the replacement for IPv6 comes along.

Planning to eliminate NAT (as in IPv6 to whatever) is planning to fail, eventually. Either that, or it assumes that IPv6 will be the end-all, be-all of networking for all eternity. Hah.

IPv6 deployments are not forward-looking. If one is actually looking forward, one would be wondering about how long will IPv6 last, and what will happen next. Even if it is impossible to know what will come along, there is the certainty that *something* will. As such, there ought to be an understanding that there will *always* be the need for NAT/protocol gateways.

(Of course, this has always been the problem with the IPv4 to IPv6 transition. If someone had come up with the perfect IPv4IPv6 gateway, then by just sticking two together, one would have the perfect IPv4IPv4 NAT box, defeating the proposed need for IPv6.)

Kim | Nov 04, 2006 | 5:22PM

Yes, IPv6 will come. I worked in a project in Microsoft that we've made sure was IPv6 compatible. Why? To waste development cycle.

IPv6 will take a while to take off.

And the steps will be...

1) the core infrastructure of the Internet will need to be upgraded to support a IPv4-IPv6 hybrid system.

2) ISPs and Data Centers will need to upgrade their systems, also supporting a hybrid system.

3) Then, everybody, everywhere will need to start installing new home networking devices that support IPv6. A lot of them already do, but most don't yet.

4) Then, there will be a period where backward compatibility will be allowed, like for older cell phones, etc.

In my math, that is going to take between 10-15 years to complete all 4 steps. I'll wait before I write a single line of code to make Sampa ( work with IPv6.

Marcelo Calbucci | Nov 04, 2006 | 6:20PM

Thanks for the warning, Bob: a new Y2K is coming. Maybe there are some inaccuracies in the networking mumbo-jumbo -- I can't tell, but it seems many readers can -- but the point is clear: money will flow. I'm sure the media will eventually turn this into a big hype like Y2K was. I had no idea China was IPv6 already.

For those of you who find it easier to read in Spanish, I've just finished translating this week column. You can find it here:

Juan Diego | Nov 05, 2006 | 3:26AM

I almost forgot: Ed the Editor. That's a good one, hehe.

Juan Diego | Nov 05, 2006 | 3:29AM

"As things stand right now, something over 30 percent of Internet packet traffic is illicit, either spam email or attacks of various sorts."

This is an interesting figure. Do you have any reference to back it up? Seems very high to me.

Scot | Nov 05, 2006 | 6:24PM

As someone who worked on the Future Combat System and is intimately familiar with it, I can tell you that FCS is a trainwreck -- and always has been. Once upon a time, it had a realistic vision: then Boeing shelved that in its deal with SAIC. Along the way they decided to cease pushing the real problems of intratheater and intertheater heavy lift, and instead began shilling all manner of lies to justify funding the "netork-enabled" future force. We don't need new vehicles or the Joint Tactical Radio System (JTRS, the cornerstone of the "new network") or autonomous bots. We need cheap heavy lift that moves our current force of vehicles (70 tons Abrahms) efficiently. FCS always has been, and always will be an abject failure. Sen McCain was right to push for its closure -- and you should stop listening to the Boeing/SAIC lies and tell your congressman to eliminate the FCS budget.

Anonymouse | Nov 05, 2006 | 7:12PM

What about the high ports? A IPv4 address is port address. So, each one of the 4 billion addresses has 64K possible devices attached to it.

Years ago, our Bay Networks firewall used the "high ports," those from 32K to 64K to NAT the network. We put 50 PCs behind it and they all used a single public IP and randomly assigned high ports. It seems there is only a perceived shortage of IP addresses available, caused by some obsolete national allocations.

And yes, the low ports are assigned and need multiple public addresses for multiple public servers. But jeez guys, 4 billion Web servers, 4 billion FTP servers, 4 billion Mail servers are not enough?

Maybe I am just old fashioned, but I still think IPX worked better then IP for a LAN. You had to have an IPX to IP gateway, but you had to have a firewall anyway, so what was the big deal. (Heck, I still have fond memories of ArcNet.) I only bring this up, to point out that superior technology has nothing to do with what will happen.

"Someone" has decided that IPv6 is the way to go, so we will have to go there. And then we will figure out some NAT scheme to use to hide our devices, anyway.

James Musto | Nov 05, 2006 | 8:44PM

NAT vs IPv6?

Put a sniffer on your raw internet connection, you'll quickly see why NAT will be with us for years to come. The internet is a dangerous thing and one needs to keep it out of one's home and PC's.

When I visit a company having network and/or security problems, one of the first things I look at is their network addressing. Companies with internal 10.x.x.x or 192.168.x.x addresses tend to know what they are doing and more important, why they NEED to do it. The really smart companies will set up subnets that have NO internet access whatsoever and very restrictive (and monitored) intranet access. It is on those networks where one should find cash registers, ATM's, control systems for nuclear power plants, etc. Giving everything in your company a potentially accessible and routable inTernet address is rarely a good idea. This will still be true in IPv6. This will be true in one's home too.

One more thing to think about. If there was no internet access for your PC, you would need very few of the software and security fixes provided by Microsoft over the years. You could be running Windows 98 or NT 4.0 and not have a worry in the world. Think about that. It is important to understand, the more access from the internet you allow to the devices in your home (or business) -- the greater the chance they will be compromised. While we like to blame Microsoft for our problems, its not unlike the argument -- guns don't kill people, the people using the guns do. The real security problem sits on the internet. Windows was just an easy target.

John | Nov 05, 2006 | 10:28PM
keep it honest | Nov 06, 2006 | 5:25AM


I'm appalled at the burnt rubber (and hot air) about ATM. Mr. Cringely's comments simply are wrong (as are many of the shoot-from-the-hip experts). Mr. Gavin Ownen is the only one who's come even close to getting it right.

ATM is a node-to-node, Layer 2 protocol -- not a network protocol. IPv6 has absolutely no effect on ATM.

Those wishing to get an authoritative understanding should refer to Telcordia's GR-3102 (10/2000) and associated documents.


Wireless1 | Nov 06, 2006 | 5:36AM

The real problems isn't address space it's government regulation and control of free speech.
The internet is the only free speech organ left,
other than distributing handbills. The
newspapers are controlled, the TV, radio pretty
much locked out to any but the big corporate players and media moguls.

Candidates with an alternate agenda like, stop the war, stop the green house gases and having
real alternative energy solutions are crushed.

The whole thing is a joke, once they have control
of the internet the only free speech zone will be
in your brain and with MRI brain scans that will be prosecuted also.

Gulags here we come, pack your pajamas kiddies,
you have a right to scream loudly as they water board ya.

KnigthofComcast | Nov 06, 2006 | 8:38AM

So, IPv6 is more secure.
You do realize that right now, millions of suckers who know nothing about computer security are firewalled off from the majority of crud by their NAT routers?
Once IPv6 is ubiquitous it'll be a complete and utter worm-fest.

Yonzie | Nov 06, 2006 | 8:46AM

The cost of upgrading to IPv6 will be both more and less then predicted. Less will be spent on actual hardware, because most routers and such have had IPv6 support for years. It's one of those 'check the box' items on any requisition.

The real cost of IPv6 is the software. Just like Y2K, a lot of network software assumes that a network address is 32bits. Now, well-written software uses standard interfaces, which abstract the address type and handle the longer addresses. But how much of commonly used software is 'well written'?

Perhaps the IPv6 change can happen top-down. IE: ISPs and IPPs use IPv6 to talk to each other, but they give their end-users regular 32-bit internal only addresses. Sounds a lot like the current NAT scheme, doesn't it?

Chrs Kiick | Nov 06, 2006 | 11:18AM

I see no reason for referring to NAT as a kludge.. o sure, in the future static ip's will be a dime a dozen and all organizations will want their butts hangin out a mile on the web , esp if they use windoze machines, NOT!! ha..ha.. ha.. NAT is here to stay, irrepsective of the availability of an infinity of possible public ip addresses ! Here's a little script i use which, appropriately enough, i named "nat" : " " "/sbin/iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source " .. I ask u "kludge"? Nah, logical, simple and NECESSARY!

ron cole ..linux guy | Nov 06, 2006 | 12:47PM

I think your ATM math is off -- switching from IPV4 to IPV6 adds 20 bytes of overhead, worst case, because a IPV4 header has more cruft in it than an IPV6 header -- however the low-order bytes of a real IPV6 address are exactly the hardware address, and an implementation could refrain from repeating them; which makes the overhead only 12 bytes -- if you adopt the convention that the last 8 bytes of the destination address are stored in the first 8 bytes (the hardware address portion) of the ATM-level frame.

Of course, going from 40 down to 28 bytes of delivered data still loses, but it's way better than 16...

Marc Mengel | Nov 06, 2006 | 4:36PM

That's right, we only do things in this country to benefit Halliburton. Nevermind Clinton-Gore gave them the no-bid contract they fulfilled.

andy | Nov 06, 2006 | 4:59PM

The advantages of IPv6 are clear; one can still have an IPv6 router with DHCP so that the network can remain hidden from the outside world.
1 second refresh times, and both stateful and stateless routing. There are so many good reasons to move forward with IPv6; it is the implementation and initial cutover that will be the chore. There are whole books on the IPv4 and IPv6 transition requirements, router conversions/ gateways,etc. All of the major operating systems already make provision for IPv6.

Roger Hall | Nov 06, 2006 | 7:12PM

ATM uses fixed-size cells, with an IP packet split across as many cells as it takes, with 48 bytes of payload and five of ATM overhead per cell. For certain types of traffic, say for terminal sessions with very small volumes of payload data, this can be very inefficient. But increasing the size of an IP packet's headers is nowhere near the disaster you suggest simply because the IP-layer headers do not appear in every ATM cell carrying a part of the IP packet.

A 63-byte IP packet fits into two ATM cells. An 87-byte IP packet will still fit into two ATM cells.

Donald Neal | Nov 06, 2006 | 10:54PM

Consult a CCIE (or at least a knowledgable CCNA) to go over the gist before printing.

Free speech is a great concept, but this is one of those reminders that internet articles are prone to a tremendous amount of misinformation as time to print becomes more important than what to print.

"Wireless1" hit the nail on the head:

(Wireless1 | Nov 06, 2006 | 5:36AM)

ATM is blissfully ignorant of the details of its payload. It simply doesn't care. ATM operates at the layer BELOW (2) IP (3). The layer three data, as far as ATM is concerned, is raw payload data. It could be photo renderings of butterfly wings for all ATM cares.

The user does stuff at the Application Layer (7)


That user's stuff gets coded and converted at the Presentation Layer (6)


The converted stuff seeks to establish connection details at the Session Layer (5)


That application session gets a port number at the Transport Layer (4)


With port number assigned, the whole mess gets encapsulated in a network PACKET, shockingly enough at something called the Network Layer (3)


All these juicy bits are encapsulated in a FRAME at the Data Link Layer (2)


And once all that's done, all the 0's and 1's get converted from digits to voltages at the Physical Layer (1) and are sent across (typically) a wire.


Notice how everything in layer 3 gets encapsulated in a Layer 2 frame? Layer 2 could care less what's going on at layer 3. Its all bits of payload - and none of it changes anything at layer 2.


ATM doesn't EVEN KNOW if its transferring IPv4 or IPv6 - it DOESN"T CARE.

For more involved edification, please check the following link:

The OSI Model overview at

Cpt. Caveman | Nov 06, 2006 | 11:56PM

I had not been following this column that far back

Had it not been for his Democratic, liberal leaning political digs, I might have been surprised:




Cpt. Caveman | Nov 07, 2006 | 12:48AM

Mr. Cringely (a name which you stole), you're an academic fraud who lied about being a PhD.

Your article contains errors from start to finish.

I'm not going to hold my breath that you'll correct these errors, you never do.

George Ou | Nov 07, 2006 | 4:31AM

Mark - thanks for the new blog format. It has allowed me to see you for what you really are - in the short span of only two articles. Wow.

Fred | Nov 07, 2006 | 6:57AM

So, move to China. You'll have better Internet access with which to spread word of your imprisonment.

Even a dog craps in the right spot occasionally.

Jeff H | Nov 07, 2006 | 10:50AM


Now we see why the forum had been turned off.

I actually enjoyed your articles until I realized what I am reading is written by a farce who feels it is ok to make up credentials as they go.

The column is great, and you have some fantastic insight. Set this thing straight, on this blog and make it this Friday's post. Stop ignoring it and hope that it all goes away, it doesn't appear that it will.

Anonymous | Nov 07, 2006 | 5:39PM

Every once in a while a society will decide something is important to do and do it. Japan got serious about what industries they wanted to embrace, and realized quality was important, and became dominant in auto making and electronics. Those USA industries are painfully aware of the result.

India decided that providing their kids a good education and teaching them English was important. When the internet came along they had a workforce ready to exploit it. Those in IT watching their careers being offshored are painfully aware of this.

China has big plans for its future and if the trend continues many of us will be suffering from it too.

We need to realize the development of the internet in the USA was mostly by accident. It was a good idea and for a long time the government and corporations ignored it, allowing it to evolve into something really useful. If you look at what has transpired in the USA in the last couple years it should be clear powerful industry leaders and powerful politicians are trying to control the Internet for mostly their own selfish reasons.

We can't expect the USA government to do the right thing on its own. To be candid, most times the USA needs to be shocked into reality. So far losing whole industries and offshoring millions of jobs hasn't provided much of a shock. I think we should be thankful for Mr. Cringely bringing us a "big picture" view of what China is doing. It doesn't matter whether he got the ATM details right or not. Stop being a nerd for a minute and realize your job could be at stake in a few years. In this new economny those who are smart and plan ahead will have the advantage. If the last two weeks of political advertisements is any indication, in the USA our government already has two strikes against it.

We need big picture leadership and Mr. Cringley is one of the most visionary big picture columnists around.

John | Nov 07, 2006 | 5:43PM

An "interactive" blog is one in which the author interacts with the readers. I would really like to
see Mr Cringely offering atleast one comment to the "Tribe" who agree with him "100%".

Put all the informed comments and the article together and it appears that my interest in revisiting this page is weaning.. slowly...

Seems like a big blunder, this comment thing, for Mark.

Bhargava | Nov 08, 2006 | 6:45AM

Mr. Cringely please tell me where IPv6 is operational or even near operational in China. Other than universities and labs, as is the case in the US, it is not. What you have published is a blatant lie.

Wen Shun Li | Nov 08, 2006 | 7:56AM

MS Windows vulnerabilities will always be MS Windows vulnerabilities. Given enough incentive (and there's no incentive like ego?), people could figure out a way to compromise Windows machines through the USPS ... layer 2 is no protection for arcane coding mysteries like "Buffer Overflow." However, I'm more excited about China's separate DNS ... :)

FS | Nov 08, 2006 | 8:46AM

I see a list of IPV6-aware applications is well along...

I suppose that many holes not mentioned are more about who would mention them... Apple does have IPV6 in it's Network configuration but how much do the applications have to understand? How about MS? Anyone?

Steven | Nov 08, 2006 | 3:20PM

And then there's the servers running it...

Steven | Nov 08, 2006 | 3:27PM

Mark - This may be a new job for you when PBS wises up and fires you - - just don't lie on your resume anymore.

Fred | Nov 08, 2006 | 7:30PM

Oooh, George Ou has arrived!


You know, the guy with the Apple conspiracy theories. It's like the X-Files, the evidence never survives to reach the light of day. The witness doesn't present the proof at the conference, the mainstream reporter whose interest legitimizes the whole thing moves on and stops returning emails, but the guys who sold you on it never substantiate their claims, they just show you what's under another shell. And now he's found the Wikipedia (in a world where Joe Klein, Dick Morris, and Andrew Sullivan still have profitable careers this particular Cringely's indiscretion is small potatoes, even compared to George's particular briar patch).

And speaking of small potatoes -- George, spud, you're out of your league here. Dvorak may be a lightweight whose provocative farts seem daring (qv. Hitchens), but at least he actually writes coherent ideas instead of blog-whoring drive-bys like yourself. Why don't you go bold some words so you can be more like him, it'd be an improvement.

Pourn of Entropy Manor | Nov 09, 2006 | 4:12AM

It is also worth mentioning that IPv6, unlike v4, has native support for automatic address configuration (so you never, hopefully, need to manually configure a host again). And that everyone gets a /64 subnet (partly to make v6's autoconf work).

nick | Nov 09, 2006 | 4:58AM

ATM packets are routed using virtual circuit identifiers, not IP addresses. That's what you'll find in the 8-byte packet headers, along with enough information to reassemble packets into larger blocks (the AAL5 headers). It is these larger blocks which would contain the IPv6 address, and even then it may only be for virtual circuit setup depending on the IP encapsulation that is used, so the overhead would be minimal.

Phil | Nov 09, 2006 | 8:28AM

Wondering about the impact on oversaturated frame clouds, and also whether or not every connected thing is gonna be taxed to pay for Haliburton's lunch?

thinman | Nov 09, 2006 | 5:27PM

Eerst Europa Doelstellingen: De Ci2i Verzekering (Ci2i) zal het nummer een gebrandmerkte pan Europese commoditized online verzekeringsmakelaar door 2010 zijn.

Alice Mike | Nov 16, 2006 | 1:11AM

First Europa Mission Aussage: Ci2i Versicherung (Ci2i) ist der Nr. eine commoditized on-line-Versicherungsmakler bis zum 2010 das eingebrannte pan-europäische.

Alice Mike | Nov 16, 2006 | 4:16AM