Migrating to IPv6

I thought it would be pretty intimidating to migrate to, or add, IPv6 to my home network.  So far, it hasn't 
been that horrible, and I've done some interesting things.

You've all heard all the IPv6 hyperbole: there's so many grains of sand in an IPv6 address that we'll have
500 toasters each, and each of those will have eleventy billion addresses... It's tired, trite, and useless
to consider these numbers.  The point of a 128-bit address is to have an unlimited supply -- if we can never
use them all up, I am calling it unlimited.  Of course, we've all heard that quote Bill Gates never 
said -- "640k [of memory] should be enough for anybody"; I don't want to experience a world so complicated
that 128-bit addressing is inadequate.  These addresses are enough for everybody.

Further, the available addresses are portrayed as simply 2^128 addresses.  Although this is correct, after
partitioning into networks and hosts, there is a much smaller portion available.  Still unlimited, pretty much.

The first question people ask about IPv6 is, "Why bother upgrading?"  Of course this is the most valid question,
since everything is working quite well with IPv4, for the most part.  The biggest reason is that the IPv4 global
address pool is running out.  There are 2^32 definable addresses, and again the real number is nowhere near this
due to partitioning; suffice it to say we can actually exhaust this pool.  If you double it 96 times in a row, you
see how many IPv6 addresses there are.

The problem with running out of IPv4 addresses is simple, but it gets people really riled up.  Some folks figure
there's no good reason to upgrade to IPv6, and they have some good points.  It's expensive, and what we're doing
works pretty well.  It's not great, but why fix what's not broken?

I guess it's a matter of whether you consider the workaround - Network Address Translation (NAT) - broken or not.

NAT is a program that runs on a router.  It lets you share the Internet with all your computers.  Everyone's got
one of these things.  Offices have them buried in a closet out back, and folks at home hide them under the couch
in the living room, next to where the TV sits.  Most people call them routers, or modems, or hubs or switches.  
These are all different things, but at least they can identify the NAT device.  Heck, I called it a router just 
now and it's certainly not really routing.  But let's skip that topic.

NAT is pretty simple.  You have a bunch of computers and they all want to get onto the Internet to do stuff.  
Doesn't matter what.  They all want to connect to websites, chat, music, TV shows.  The NAT router accepts
requests (we'll call them packets) from the various computers, makes a little cheat-sheet of who wanted what,
and then goes out onto the Internet as a proxy for the computer that originally asked for it.  The packet
has been rewritten as though it originated from the NAT router.  Whatever is receiving that packet really
doesn't care who it's really from.  They reply to it, and when it comes back, the NAT router just looks 
at the cheat-sheet to see who wanted it in the first place, and hands it back to them.  It's not hard
for the NAT router to keep track of a hundred or more computers this way.  Neat!

But, what if someone on the Internet wants to talk to a random computer in YOUR house?  You don't know anything
about them, and they want to connect to you.  How do they do that?

Well, this is where folks start getting a little heated.  Some say there's probably no reason you'd want
some random thing on the Internet talking to your computers.  Doesn't that sound like getting hacked?
Isn't that scary?  Getting hacked.  Hmm.  Maybe that's not such a great idea.

Well, then it sounds like a pretty good deal that because of NAT, there's nothing in the cheat-sheet for them
to get to you.  Nothing ever got written down.  No one knows what the deal is.  So the NAT router just 
throws that connection out, and you don't ever see it.  Awesome!

And to be honest, this is a great model for most folks.  It's got nothing to do with something complicated
like firewalls.  It just reduces the model:  If there are enough IPv4 addresses, everyone can connect to everyone.
Like the Wild West.  Many-to-Many.  Anyone can just walk up to your front door and say hello, or shoot you in the head.  The
reduced model, where there aren't enough IPv4 addresses, is a Many-to-One model.  Like a gated community.  Folks
can walk up to the front gate, but that's it.  The security guy lets people out, and knows them when they come back,
but if you didn't come from there, you have no business going in.

See how comfortable that sounds?  And so some people think that NAT is just fine.

Oh, you want a special case?  Your friend is coming over with a bottle of Scotch?  Well, tell the
security guy to walk him to your back patio.  The NAT version is called a "Port Forward", and
you can emulate everyone having their own IPv4 address by carefully plucking out requested TCP/UDP ports
and forwarding them onwards.  Sure, sure -- you forgot to tell the front gate guy that your friend 
with the Scotch is driving a Mercedes, and in walks a homeless guy that smells like ham.  Oops, so Port
Forwarding isn't a perfect approach and you still need firewalls.

Everyone needs firewalls!  NAT isn't a security model!  It's just a convenience.
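
Here is the cheat-sheet idea as a small added example (not code from any real router): a toy NAT table that handles an outbound request, its reply, an unsolicited inbound packet, and a port forward with and without a firewall source filter.  The class and method names are hypothetical, the addresses are constructed from documentation ranges, and it assumes a strict NAT that only accepts replies from the exact host and port that was contacted.

```python
# Toy model of a NAT router's translation table (constructed example).
# Addresses use documentation ranges; class and method names are hypothetical.

class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # public port -> (inside ip, inside port, remote ip, remote port)
        self.forwards = {}   # public port -> (inside ip, inside port)
        self.allowed = {}    # public port -> set of permitted remote IPs (firewall rule)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside packet and record who asked (the cheat-sheet)."""
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, port, dst_ip, dst_port)

    def port_forward(self, public_port, inside_ip, inside_port, allow_from=None):
        """Static mapping; allow_from is an optional firewall source filter."""
        self.forwards[public_port] = (inside_ip, inside_port)
        if allow_from is not None:
            self.allowed[public_port] = set(allow_from)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inside (ip, port) to deliver to, or None to drop."""
        entry = self.table.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                       # reply to a recorded request
        if public_port in self.forwards:
            permitted = self.allowed.get(public_port)
            if permitted is None or remote_ip in permitted:
                return self.forwards[public_port]  # forward: no source check unless filtered
        return None                                # nothing in the table: dropped

def demo():
    nat = NatRouter("203.0.113.5")
    pkt = nat.outbound("192.168.1.10", 51000, "198.51.100.80", 443)
    results = {
        "rewritten": pkt,
        "reply": nat.inbound("198.51.100.80", 443, pkt[1]),
        "unsolicited": nat.inbound("198.51.100.99", 4444, pkt[1]),
    }
    nat.port_forward(8080, "192.168.1.20", 80)          # open to everyone
    results["forward_any"] = nat.inbound("198.51.100.99", 4444, 8080)
    nat.port_forward(8022, "192.168.1.20", 22, allow_from=["198.51.100.7"])
    results["forward_friend"] = nat.inbound("198.51.100.7", 5000, 8022)
    results["forward_stranger"] = nat.inbound("198.51.100.99", 5000, 8022)
    return results
```

The unfiltered forward on port 8080 hands the stranger's packet straight to the inside host, which is the gap a firewall rule closes on port 8022.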

The original model for the Internet was that any host could contact any host.  Ten years of using NAT
and we have all forgotten what this was like.  All the services moved to the center -- we always originate
the connection.  Websites don't contact us.  Our email waits for us to get it at an ISP.  Et cetera.

It was really a race between getting extra computers online for free, and free Internet telephone.  NAT
won the race, and today getting a VoIP call between computers is a disgusting gymnastics course of Internet
manipulation.  What once was simple is now quite complicated, and interesting technologies have really
decayed or slowed down as a response.

So, by installing IPv6 all over the place, we can get this Wild West model back.  And it's going to have
growing pains, and things that were working will break, and the Internet will go through some angsty
puberty.  And then a few years later, everything will be working again and we'll have ripped off the
NAT bandaid.  

Anyways, enough NAT ranting -- it's too easy to go on:

IPv6 isn't something we have to migrate to overnight.  And once we do, IPv4 isn't something we're going to just turn off
the next morning.  Most people agree that using a Dual Stack model, i.e. having both, is the natural progression
to the IPv6 Internet.  Currently, lots of little IPv6 "islands" exist, with tunnels between them.  Eventually,
enough areas will realize there's no need for a tunnel when there's IPv6 "land" everywhere (a native connection,
non-metaphorically).