Episode: 599
Title: HPR0599: Interview with Rudi van Drunen on IPv6
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0599/hpr0599.mp3
Transcribed: 2025-10-07 23:44:30
---
Hello everybody, this is K-5 and I am recording for Hacker Public Radio.
I did a quick interview at the Large Installation Systems Administration conference, LISA 2010,
with Rudi van Drunen, the 2010 conference chairman and active worldwide consultant and networking expert from the Netherlands.
And we talked about the past, the present and the future of IPv6.
So please sit back and enjoy this interview with Rudi van Drunen from LISA 2010.
All right, hello everybody. This is K-5. I am recording from LISA, the Large Installation Systems Administration conference, 2010.
And I have with me a very special guest, Rudi van Drunen, who is something of a networking expert.
Actually, I'm not sure what exactly you do in your real life.
So why don't we start by filling us in on what your day-to-day life is like?
Well, my day-to-day life is either I'm a consultant, I work for a rather small consulting firm in the Netherlands.
We have like 60 consultants, we do high-profile stuff like enterprise IT for large organizations,
a lot of banks, ISPs, that kind of stuff. So strictly in Europe or all over the world?
Well, all over the world, where we can get consulting jobs, but mainly it's Europe.
So when you speak of consulting, that can range from one end to the other.
There's a million things you can do as a consultant. Did you do systems networking, hardware, software, the whole thing?
We actually work through the whole stack. So we do networking, we do operating systems.
We do some middleware products, database, and we do web application development.
We can actually do the complete stack, and we are mostly focused on the non-Microsoft world.
Does that mean macOS and Linux are strictly open-source?
No, macOS, Solaris, AIX, Linux, everything.
So because we're working with large enterprises, they tend to move little light to the commercial Unix world.
Okay, not a whole lot of open source there, but they're moving.
Yeah, you don't hear as much in the big Unix players anymore.
With Sun being gone, and HP-UX, and AIX, not as big as they used to be.
They're kind of a legacy thing now, so everything, at least to me, seems like it's shifting more towards the Linux side or maybe BSD.
Well, there's really lost cooperation there, like Solaris, so to either IBM with AIX or Sun or Oracle with Solaris.
So they're kind of in the vendor lock-in and still run large number of those platforms.
Well, the reason I wanted to talk to you, and get everybody else to listen to us, and hopefully find something interesting about this, is you presented a talk on Monday about IPv6 and some of the upcoming problems and challenges and maybe some of the benefits that we're actually going to see from the eventual change over to IPv6.
Now, you and I, and everybody knows that IPv6 has been coming for years and years now.
It's still not here yet, but you've actually said, or you said there were maybe some hard dates on, we're actually running out of IPv4 address space, so let's go ahead and discuss about that.
Yeah, well, it's beyond the real soon now stage, so we're actually approaching the date and they will be somewhere within a year from now that the registries, the top level registries, like ARIN, like RIPE NCC, cannot have IPv4 numbers anymore, because they're sold out, they're gone.
And at that very point, there's smaller registries, and ISPs still have numbers, but for a large deployment, if an ISP wants to move into some new technology or connect like zillions of users at once with buying a mobile phone service or something like that,
then it can't be done with IPv4 anymore, because there's no numbers, and so that's reality.
Like a couple of years ago, there were people shouting, well, they were running out, they were running out in the next year, but right now it's really true.
People live for days when the things are on up, and there's prediction that it will be March next year, and there's prediction that will be November next year, but eventually they will run out for real soon now.
Now, in the past, it's been the idea that we're going to force everything into port address translation to compensate for the fact that we're running out of IP addresses.
You don't think that's a solution going forward?
Well, that's absolutely not a solution, because you will introduce all kinds of problems there, but there's loads of protocols that don't like network address translation.
Like if you do certain VPN stuff, it just won't work if you do NAT.
Or you're running to new changer of mobility problems by doing that, and you actually want to communicate one to one.
And you want to address each network device individually.
What is your assessment of the number of organizations, whether it's just in the EU or worldwide, they're aware of who have actually adopted IPv6 in any form?
Well, there's like, I think between the five and ten percent of the larger organizations are actually running IPv6 one form or the other, either internally or part of the external facing stuff.
And it's growing because it's coming on the radar now.
And I think that Europe is here miles ahead, because actually in Europe there's a real government push to actually do move to IPv6.
And Europe and also the Asian world, because they're upcoming countries, they're upcoming economies, they need numbers, they need people on the net.
And like, for example, time, they're really, really growing economy, so they need numbers like hell.
And for those large scale deployments, IPv4 is not an option anymore.
From a perspective of an up-and-coming economy or an up-and-coming country, though, they're not stuck with the burden of converting from one to the other.
They can start directly with IPv6 and not be encumbered by the knowledge of what came before, so it's easier for them.
So what do you think is the biggest problem for current companies to use IPv4 in the adoption of IPv6?
The real problem is the being aware that you need IPv6 to communicate with your peers or your customers, and then actually doing that.
And from the outside, the easy thing is if you have a web presence, convert it to also do IPv6 next to the IPv4 connectivity you have, also do IPv6.
And that doesn't mean that you have to renumber everything internally or move to V6 internally.
Just move on your co-located machines in your data center that are facing a web, put them on the IPv6 internet as well.
Because there is a day that there's a customer that only has got IPv6 connectivity, only is connected to the IPv6 today, and you want to have them reach you, and it's as easy as possible, not having everything, tunneling, and then, again, coming to the IPv4 internet.
But if you have presence in the IPv6 world, then you have the competitive information, I guess, for the larger organizations.
And yeah, it's a transitional thing that you want to check whether your applications are IPv6 ready, because it's not only the systems,
it's not only the network equipment that needs to be out of IPv6, but also your applications have to be able to work with the larger, longer addresses.
They have to be able to actually internally work with those numbers.
So that's the thing, and you can just start now to check and convert and set up an IPv6 test bed in your organization to actually go test.
Well, how big do you think the true IPv6 internet is right now? It's not very big, I would think.
No, it's not very big, but at that very moment that there's the actual new rises by having people that only have IPv6 connectivity.
So if you're ahead of the curve, and you have the advantage, and for example, there are services right now that only work on IPv6, but it's all experimental, it's all fun to have, and nice to have.
And on the other hand, if the IPv6 traffic is handling a special way, and you have a special IPv6 file, you will get, for example, if you now have IPv6 on your system, and you go to YouTube this call, it will use IPv6.
And there is in the transit part, some companies that have priority on IPv6, so you will get more bandwidth there.
So that's not advantage. Right now, the other advantage is if there's new servers that have dedicated IPv6 channels that are not as crowded as the IPv4 stuff.
But right now, it's still coming, and it's still rather small part, and I think it's one or two percent of the internet traffic is IPv6, but that's growing fast.
And that's growing fast, if the first major organization is going to do that, like Google is translating stuff to IPv6, and if you have got my IPv6 stack, you will get onto the IPv6 services at Google, and they're handled differently.
So I'm not aware of it, I admit that my world sphere is probably fairly small, but at least in the United States, I'm not aware of any major ISPs or minor ones for that matter, who are giving IPv6 addresses to customers yet.
Now I understand that your ISP is able to get you IPv6 addresses if you request them.
So how does that benefit you, and when do you think, what do you think is going to cause the trigger to when ISPs like in the US will actually start making IPv6 available to their customers, and when that happens, what do you think that will mean for the average end user?
Well, I heard of Comcast doing experiments on IPv6, and also have native IPv6 coming into people's homes by using special kind of modems and starting up that movement.
I, in the Netherlands, have an ISP that can bring me with special, the standards customer equipment, but special equipment that you can get from them.
Native IPv6 to my house, not using tunnels or anything, so they're using ADSL, so the ADSL infrastructure between my house and the ISP is also all IPv6 ready.
So that's the thing, if you have that, and if you have it configured properly, and those boxes, if the ISP does a good job, those boxes are preconfigured.
It's like putting your own router on your either cable or ADSL connection. You will notice, your machine will get IPv6 address and IPv4 address, and where IPv6 is available on the server side, it will connect to IPv6.
So you won't notice, but some services will go faster, and some services will be different because IPv6 is different, it's handled different on the server side.
And right now, it's just get the transition started.
Well, the transition seems to be the hardest thing right now, and it seems to have been that way for some time now, because everyone, like I think I already said, is aware that the IPv6 internet is coming, because the IPv4 internet will simply just be full sooner than later.
But if an ISP, for example, wants to adopt IPv6 at least internally, is it viable for them to set up all the IPv6 address space within the company, and then at the edge, tunnel everything in the IPv4?
I mean, is that an option while waiting for the IPv6 internet to bloom as it were?
Yeah, well, it depends. Right now, if you as a company want to have IPv6 presence on the IPv6 internet, you can get a tunnel, and you can get a tunnel over IPv4 using different tunnel brokers, and that's pretty easy to set up.
And by that, you have presence on the IPv6 internet. You can have your machines configured with IPv6 addresses. You can, well, have your web server also talk to IPv6 sites, the IPv6 clients.
And by the next half, you can have your internal machines also getting an IPv6 address, because address space and IPv6 world is really cheap, and well, there's so many addresses.
There's 10 to the power of 30 addresses per person on earth right now. So it's easy to get address space. It's easy to get complete service, and you can put your machines on that, and then they can use the IPv6 internet through that same tunnel that you have over the IPv4 on the external site.
So it works both way. The client can get clean to the IPv6 internet, but the client on the other side could go to your server also over the IPv6 internet.
And right now, at least in the United States, I believe they're still giving away IPv6 subnets if you simply request one, and the subnet that you get is a slash 48.
And a slash 48 is actually exponentially larger than the entire IPv4 internet. And that's just, they're just giving it away to anyone who requests one, because the IPv6 internet is just so large.
It isn't conceivable that we're going to run out of space on that. So let's talk a little bit about IPv6 security.
What should, is there anything that people need to be concerned about? There are a lot of devices nowadays that come pre-enabled with IPv6.
And the average home consumer may not realize that IPv6 is enabled on their devices. Is there a security concern there?
Essentially, there's nothing different between IPv4 and IPv6 security. The only thing is that, with IPv4, you probably, if you have a device that talks IPv4, and you're using that in an internal setting, you probably won't have an external or other web address.
You will be having an address that goes through a NAT box, network address translation box.
It's such a way that you can go to the outside world, but the outside world cannot, if it's not enabled in that box, get directly to your machine, because there's a non-routable address.
In IPv6 world, you'll probably get a routable unique address on your box. And then if there's no precautions on the boundary between the internal and the external world, then you can reach the external world.
Then the external world can, even so, reach your internal world, because there's no network address translation. So there's, you need to have a firewall.
Also, in IPv4, you need to have a firewall, but with network address translation in place, the outside to the inside, think has another boundary, has another threshold.
So it's very important that you also, for IPv6, have your firewall configured correctly, and you might set, explicitly set, that the outside is not allowed to talk to any of the inside, whereas if you do that in IPv4 and network address translation world, it's implied in the network address translation world.
So it's a little easier in the IPv6 world to get direct access to the machine. But is that a problem right now for people who have IPv6 enabled in a computer that they may not realize?
If they have an IPv6 enabled in their machine, and they're skilled behind that firewall device, they have an IPv6 internally on their internal network, but they probably don't have IPv6 on their external network.
If they go make a tunnel over the IPv4 to bring IPv6 into their internal network, then all their internal network machines that have IPv6 addresses are exposed.
So then you have to put your firewall in place and tune that so that no one from the external IPv6 world can pass through that tunnel and get into your local network.
So your firewall is different and well, you have to tune that differently, but you have to be aware of all that issue.
And everybody should be aware of security and have some kind of firewall regardless of what system they're running anyway.
Sure, and be sure to assess your security thing first before just building tunnels and setting things up.
And security, you have to make a plan first, then build it, not just build it and then think, oh, we need something to do with security and firewalls because then you are too late. The bad guys are in.
Okay, so let's put you on the spot just a little bit. If you had to guess a year, what year do you think IPv6 will be fully adopted?
What do you mean with fully adopted? So that every device that is not on the IPv4 and then it was on the IPv6?
Every device is in some way connected to the IPv6 internet whether or not IPv4 still exists.
Then they'll take like three to five years from now, provided that there's a really killer killer app.
There must be a driving force there and a driving force could be a killer app that for example is peer to peer like because you don't need any difficult things anymore to address a device.
You can now talk to with IPv6 talk to at least address any other device. Not the difficult issues that for example Skype has to actually address the device behind the NAT thing.
So if people actually see the ease of using IPv6 for those kinds of stuff, then I think within like five years from now every sensible end device will have,
well, every sensible end device that needs to talk to another end device that's on the other side of your perimeter has IPv6.
Of course, if you just run monitoring things in the inside, there's no need for IPv6. You use an IPv4 private stuff there.
If it's still in the company and you have enough IP space there, keep it. Don't move to IPv6 for the internal stuff. If you need your monitoring stuff, your monitoring network or your monitoring temperature of your server room that's connected to your monitoring server, keep your IPv4 there because it doesn't need to talk outside.
So I mean tunneling IPv4 into the IPv6 internet is a perfectly reasonable thing to do.
Oh yeah, yeah. There's two things. You can people like tunnel IPv6 through the IPv4 and the other way around. It's also possible and there's just tricks to do that if you have only IPv6.
Like now you have got out only IPv4 and you don't have IPv6 native, so you make a tunnel of the IPv4 internet. But on the other way around, if you only have IPv6 and you don't have natively IPv4, you can do tunneling and get your packet out and packet in.
But that's not a preferred situation, but that's a transitional thing until the services all have IPv6 addresses.
Well, that makes perfect sense. And one of the last things I guess we probably should touch on is I think a lot of people may think that this migration is at least fairly scary.
Maybe people think that they don't understand IPv6 or that it's hard. I know for one, I'm like that. And at least listening to your talk on Monday, I got a better understanding of that.
It's not that it's not that difficult to migrate from one to the other. And in fact, IPv6 has some neat tricks in it that make it pretty easy to migrate a particular device.
But if somebody were looking for information on the migration from IPv4 to IPv6 or just on IPv6 in general to get more information about it, to bring the worry factor down, where do you think where would be the place to go?
Well, there's a couple of good resources on that that actually explain how IPv6 works and also explain how to get you on the IPv6 internet.
And I think that's the easy thing to start with. Just go and explore it on a net and then see if there are zillions of recipes to build a tunnel and to go play with it.
So there's a couple of tunnel brokers like Hurricane Electric here in the States and SixXS, which is a global nonprofit tunnel broker who will get you a slash 48 and a tunnel to the IPv6 internet and then just go play.
And if you have the feeling that you know how it kind of works, what you need to do, then make a plan for your organization how to do the different steps.
So there's a lot of steps that you have to take because it's not only connecting the network layer, it's also the application layer that probably has to be adapted, but there's also recipes for that.
Only if you have a special home-grown application, you might go talk to the developers to have that IPv6 enabled or just test it whether it works.
But there's loads of information on that. There's loads of information in books and it's not that difficult to get to get it up and running.
And you don't have to be scared by the huge addresses, the huge numberings and the IP numbers that are much bigger and you can't know them by heart anymore.
So don't let them scare you off and just go play and get a tunnel and get your stuff running on the IPv6.
And right now there's so much information to get you started right away.
Well that sounds good. I think I may go ahead and try that myself. At least play around on the IPv6 internet because I know all of my Linux devices have been enabled by default and it might be interesting to see how things work. Go ahead and tell us about the turtle.
Yeah well yeah there's this site that came up that which is a very old site and that site was one of the first sites that was on the IPv6 internet and that has a turtle.
And if you go to that site and just do that now you'll see a static turtle and if you go with IPv6 the turtle will be dancing.
So that's the incentive to get you IPv6 to actually see the turtle dancing and then there's over the other sites that have those same tricky things with IPv6 look different and do different things.
But that's that's like the first one that actually had the change between IPv6 is visible and so why why are you doing IPv6? Well I want to see the turtle dance.
What was can you spell on site?
Yes that's KAME.net.
Okay well I think everybody needs to go try the IPv6 internet and go see the turtle dance.
Yeah so I really appreciate it and thank you very much Rudi for spending some time with us here.
Okay you're welcome.
All right and everybody this has been K-5 broadcasting from LISA 2010, Large Installation Systems Administration conference in San Jose.
And I hope everybody enjoyed this little talk with Rudi van Drunen about IPv6 and thanks again to Hacker Public Radio for getting this information out to the community.
We'll talk to you all soon.
Thank you for listening to Hacker Public Radio.
HPR is sponsored by Caro.net so head on over to CARO.NET for all of us here.
Thank you.