Did you hear about this? Probably not, so here it is… Google’s YouTube IPv6 traffic increased 30% last week. This intel comes to us from one of the world’s largest IPv6 ISP’s—the venerable Hurricane Electric in Fremont, Ca—whose own IPv6 traffic has already doubled this year. Just yesterday, Hurricane Electric actually claimed to be the world’s largest IPv6 ISP!
Meanwhile, across the country on the East Coast, Comcast is the IPv6 Big Dog, and is already rolling out IPv6 to test subscribers in Philadelphia of all places. And guess what? They plan to have a full, nationwide rollout by 2012. Now this is some serious info to open up a blog with, and we haven’t even talked about that IPv6 Whitelist that’s in the title yet!
Most of the time when people say something is definitely, certainly, absolutely black or white, no exceptions and no gray area, we think they can’t be right; they’re over-simplifying things and being really dramatic for affect, right? There’s just got to be a gray area to play around with, at least for a while, and with regards to IPv4 this has, in fact, been true for more than 10 years now.
But we’re running out of IPv4 fixes; things like NAT, etc. to keep our networks and applications running smoothly and things are getting more than a tad desperate. If you’ve read some of my past blog posts, you already know that the IANA is going to run out of addresses to handout to ISP’s by September, 2011 And you know that my personal stance on the matter is that all networks, applications and companies are already years behind where they should be in preparation for this great migration. The thing is, I’m just not a lone voice in the wilderness anymore.
Right now, those companies fully grasping the fact that IPv6 is what they’re going to require to power their businesses and remain competitive aren’t simply creating IPv6 networks and servers on the Internet, they’re also creating a “Whitelist” of customers who can access their web sites via the IPv6 routed protocol. So far, from what I can tell, the hardest driving companies leading this new Whitelist movement are: Google, Facebook, eBay, Yahoo, Comcast, Netflix, Microsoft, Wikipedia and Twitter. Doesn’t www.ipv6.netflix.com have a nice ring to it? (Yes, that’s really their new address!) Tell me you just didn’t try this link with your IPv4 network….of course you did…
So the burning question here is why do these companies need a “Whitelist”? Okay, that, and what happened to my invitation? Did it get stuck in my Junk mail filter again? Hmmm… To begin to answer that one, first, understand that IPv6 uses something called quad-A records (AAAA) instead of single A records like IPv4 queries. The DNS Whitelist for IPv6 would be used by content providers to pass quad-A records upstream to ISPs only if the user’s DNS resolver is in the Whitelist.
Okay, so back to my question on why these companies need a Whitelist… I mean, come on, if I get a /48 IPv6 address range from my ISP, why shouldn’t I just be able to use it? After all, this is a free country right? Well, most would say yes, but well, don’t you think that maybe, just maybe, this Whitelist could be used to maintain who accesses what, when, and where one can connect, as well as to control, monitor and log their access? It is definitely plausible, but of course Google, or anyone else wouldn’t go there, and Facebook would never ever really hold on to your deleted content or sell demographic info to mass marketing firms right?
Sort it out for yourself… Here’s what some content providers said when asked why they needed to create a DNS Whitelist of who can and cannot use their servers… I quote from Hurricane: “Without a whitelist to help sort out which customers can and cannot receive IPv6 content, web developers will inadvertently block too many customers from accessing their content.” And here’s a quote from eBay… When asked about their new IPv6 site, they said, “we need to take the precautions necessary to ensure our community has a safe experience on the site”. Google chimed in with: “This [Whitelist] is the easiest way we can provide IPv6 services without blocking customers with broken IPv6 links.”
Broken links? Safe experience? Blocking content? Let’s see… We haven’t even built the links yet, so how do they know that they can or will be blocked and/or broken? Of course we want them to be safe sites but then again, maybe Hurricane Electric wants control of all of your IPv6 data too. One does not necessarily preclude the next and let’s be honest, there’s some potentially serious coin and power there!
Plus, consider that Facebook, YouTube, Twitter, etc. has been gradually increasing our tolerance for less privacy at the cost of “connecting” by turning up the heat ever so slowly so that we’ve become accustomed to what we would’ve deemed totally invasive only a few years ago; accepting it as the “new normal” like proverbial slow-boiled frogs. You could say that I’m probably just being paranoid, but you would still have the Whitelist Dilemma” to deal with, cognitive dissonance and all.
With that said, what are we going to do about this Whitelist thing? Nothing, nada, zip, zero, zilch—not even a pathetic percentage of something—that’s what. Why? Because we haven’t just steadily grown accustomed to these services, we’ve grown so completely dependent upon using them that they’ve become actual verbs. Go ahead, see for yourself… see if you can get through one day around other people without hearing something like, “Oh, just google it and find out”, “email me” or “did you tweet back?”
No, we will not collectively go without YouTube, Search, Docs, Gmail, Twitter, News, and Maps in 2011, we will happily go along like lambs to the slaughter because they’re all free and what’s more, we’ve already cut over our corporate services to them. Uh-oh… Still think I’m being paranoid? Looks like you’re going to have to be on Google’s “Whitelist” after all! Wait, what? You thought that with Google, everything is free, fast, and large? Oh, right, as long as you’re in the Whitelist club so they know who you are, what you access and when—and then charge you for it…Oops… Scratch that. I meant, so they can verify that your networks aren’t screwed up somewhere, that you can access the content you’re really after, and that doing so will be a very pleasant, safe experience for you, indeed!
Let’s dive deeper for a second. Since these networks will be dual-stacked, at least for another 5-6 years, what’s the worst possible thing that can happen if an ISP has a broken IPv6 tunnel? You guessed it…nothing. Well, mostly nothing. Users will simply experience about a 30 to 60 second delay as the data is finally retuned using the IPv4 protocol. Admit it… If you’re at Google’s site and everything is delayed a minute, you will not like it one bit. And if it happens a lot, you’ll most likely make some noise and complain.
This smoothly segues into another reason that strengthens the case for their Whitelist. “We’re doing this for you – to help ensure your networks are running optimally at peak performance… No more wasting time frustrated and waiting!”
To say this is controversial is laughably understated. How in the world (pun intended) will the ISP’s be able to maintain this list? I mean, the claim that there’s one link/tunnel/DNS record somewhere between you and them cannot be right because that would mean that you won’t gain access to their server until that link, etc. is fixed—and this is for your own good. Somehow. In fact, this is so important that the IETF, (group responsible for IPv6 and IPv4 protocols), is meeting specifically about this very same Whitelist.
Oh, and one last thought before this blog becomes a novella… The National Institute of Standards and Technology (NIST) will need to approve hardware and software products being developed and sold to government agencies by July 1st 2010. YES—that would be July, as in a little less than three months from now, and there are around 150 RFC’s that must be refined and met before the NIST approves the lucky vendor.
Understand that this is no Y2K. It’s more like Brave New World meets 1984…