How Things Will Change Under IPv6

Da Massive writes "IPv6 Forum leader Latif Ladid provides an insight into the workings of IPv6. He also talks about how peer-to-peer file serving as we know it today will be redundant with the newer protocol." From the article: "Q: What is the most significant benefit that IPv6 offers the world? A: Global connectivity. Currently we have less than 50 percent world-wide Internet penetration, and we have used most of the address space. If you look at the Western world, we have more than 50 percent penetration. In total we have close to a billion people connected to the Internet. So it is a false perception that we have full Internet penetration. We have six billion people on the planet. When the Internet protocol was designed back in 1980 there were 4.3 billion address spaces; it was already insufficient for the population. By 2050 we will be nearly 10 billion people. But there are not only people. There are things. Billions and billions of devices that will service these people."

Why don't we start today? Tunnels!

[Nichotin]

If you just want a broker that is quick to get started with, go to btexact [btexact.com] and sign up. For those "permanent" set ups, go to (you will get a tunnel initially, but have to save uptime enough to get a subnet and such).

So, what can it be used for? Well, at the moment I do not really use it to browse the web, but I use it for reverse dns on irc (efnet, freenode and most other ircnets have ipv6 enabled servers). In other words, I can have a range of customized hosts (very handy since many friends have shell accounts here) on irc, like @doomtech.net or cust-523452.nix.net.ru. The first one is my own domain, but the second is from afraid freedns [afraid.org]. Afraid has a huge range of public domains, which you can add AAAA and PTR records for.
After thinking up a host, please go to spamcalc [spamcalc.net], if you don't have the brains yourself to see if your host is dns spam or not. A host like doomtech.net is not dns spam, but something like i.am.god.and.i.live.in.the.cave.with.osama.bin.lad en.info is.

Sixxs and btexact have pretty exact instructions on how to set this up on a range of operating systems. With the aiccu client from sixxs, the tunnel should work behind most NAT setups as well.

But not everyone will need IP addresses

[WebHostingGuy]

While it is nice to say we don't have enough IP address to cover everyone now, be realistic. Not everyone will need one. There are a lot of people like me who will have lots and lots of them with all the toys I accumulate. However, there is also going to be a lot of people who won't.

While we will need more in the future saying we have to have more IPs because we have more people is not necessarily correct. Whereas NAT is being used a lot in corporate networks it is also being used in the home as well. I know, this doesn't solve everything. However, I can say right now there is a generation of people (my parents) who do not know what an IP is, nor do they care. Including them in the big list saying we need IPs for them is a fallacy--they will never use it or want it. And how about babies? Unless you are tagging them with remote tracking chips when they are born chances are they don't need one. Moreover, right now there are entire places in the third world which do not have systematic running water or electricity. Including them in this count is ridiculous as well. They need a lot more basic needs before they all need individual cell phones running IPv6.

Good ideas always make slow progress

[Billosaur]

Just think of the number of systems that rely on IPv4 right now: networks, routers, cell phones, etc. There really isn't a lot of room left at the current rate of expansion. But let's face, that's how we get: complacent. The current system is working -- why bother with a new one? I believe the Romans got that way toward the end...

I read the article and it was insightful, but I didn't have a lot of background on IPv6, so I searched for some background and found this on the details [csuchico.edu] and this on implementing it in Linux [tldp.org].

From the article: The Internet was not designed like this. It was designed to enable peer-to-peer and VoIP. In the meantime, through NAT, telecomms companies are offering VoIP but they want to bill you for it, but the Internet was not designed with any billing mechanism. When you connect to the Internet you pay anyway, so why should you pay for more services? This is the big debate. The Internet was not designed for telecomms companies, it was designed for everyone to share expensive CPU power. When you share expensive resources you can do anything.

I agree. Paying for sevrices is basically just icing on the cake for telecoms.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Oops, I almost forgot!

[Nichotin]

With sixxs, you get a /48-subnet, which should be sufficient for your quadrillion machines. The address I have looks something like this: 2001:770:11e::1, which is a short for 2001:0770:011e:0000:0000:0000:0000:0001. Luckily those zeroes can be shorted to just ::, which makes these addresses pretty easy to remember, actually. You can also have a bit fun, if you wish, by having e.g. 2001:770:11e:FFFF:DEAD:BEEF:DEAD:BABE :)

If you are bored some day, give the tunnel stuff a try, instead of sitting in your underwear drinking cola and multitasking irc and quake4.

Re:Population

[Carbonite]

Even though we do have a lot of people on the planet; I seem to recall that the population on the planet actually declined in the last 10 years.

Where the heck did you get that information? We've added 750 million people in the last 10 years.

Take a look here http://www.census.gov/ipc/www/worldpop.html/ [census.gov]

1995 5,694,418,460
2005 6,451,058,790

Re:Why not give PEOPLE addresses?

[rekoil]

No need - your IPv6-enabled DSL/cable modem will contain a Router Advertisement Daemon [litech.org] that takes care off all that for you.

Re:IPv6 Changes

[Crazy Man on Fire]

The point is that P2P is harder in IPv4 than in IPv6 since you have to deal with NAT. In IPv6, you could communicate directly with somebody without going through NAT and therefore that part of the communication would be trivial. No fancy stuff would be required to account for NAT between the two peers. You'd still need an application to do the communication, but it would be pretty trivial.

Re:"Billions and billions"

[TCM]

half of them will not be directly hooked into the interweb. Many of those are intended to be that way, since you want your layers of security, and that's why we have however many thousands of addresses in the range 10.0.0.[0-256];

Repeat after me for the 34253456345324th time: NAT is not a security measure. NAT is not a security measure. NAT is not..

Re:Why not give PEOPLE addresses?

[Mercano]

It wouldn't really be routable. There would be no way figure out which way to send the packets for a given "address." For istance, under IP4, any router that sees a packet going to any machine with an address starting with 129.22 (one of the few blocks I know off the top of my head) knows that the packet should be pushed out a pipe that heads in the general direction of Cleveland. In fact, most routers probably work off even broder rules, with (just making this up, now), all address starting with 129.17-129.32 should be pushed out towards OAR net, then OARnet would do more focused routing in house.

With "people address", there are three problems. First, no way to generalize routing rules. Secondly, there is the fact that all your stuff might not be in the same place. Most of it is at your house, but some of it is at the vacation home. Finally, there is the problem that people, unlike IP4 address, tend to move arround alot, geographically speaking. Usually, if you move from New York to LA, you get a different IP, even if you use the same national ISP. Under your scheme, the whole internet would have to be told to redirect your trafic. Yick.

Re:But when?

[puke76]

The IPv6 mess [cr.yp.to] (according to D J Bernstein).

Re:What About Private Address Space?

[TheRaven64]

Rubbish. NAT is not a security measure. If you have port {whatever this week's virus uses} forwarded, you are just as vulnerable as if you don't use NAT. Similarly, if you have a public IP and a firewall between you and the Internet which doesn't allow anything through on that port, you are secure.

A public IP with everything other the VoIP and (for example) BitTorrent blocked is much more useful, and no less secure than NAT.

Re:"Billions and billions"

[Anonymous Coward]

however many thousands of addresses in the range 10.0.0.[0-256]

Sorry, but I have to completely discount technical analysis and discussion from anyone who writes 2^24 as "however many thousands" when discussing a technical subject in a technical forum. Nothing personal, mind you, but it demonstrates either (a) a lack of basic math skills which are essential, even reflexive, to anyone really knowledgeable in this space or (b) a lack of attention to detail. In either case, your analysis is of much less value given that there are people around who actually do understand the topic.

Re:But when?

[Scott Wunsch]

Longhorn has an IPv6 stack built in, find your favourite Linux distro and demand an IPv6 stack in that.

What Linux distribution doesn't have an IPv6 stack built in these days?

And for that matter, Windows users don't have to wait for Longhorn either. Windows XP has an IPv6 stack built in too: How to install IPv6 [microsoft.com]

You don't understant the Internet

[swillden]

The ONLY machines that need actual IP addresses are servers and gateways. PERIOD. Everyone else can be NATted.

Sigh.

The problem with this statement is that it presumes all content comes from central servers. But that's not what the Internet was designed to be, and forcing it into that model will severly retard, and in many cases simply destroy, all future innovation.

The Internet was designed as an endpoint-to-endpoint communications medium. The intelligence is at the edges, every device on the network has equal access to every other device, none are "special". In practice, of course, 72.14.207.99 (one of Google's servers) *is* special, recieving many more connections than most other addresses, but that's an emergent phenomenon, not one that's designed in. It's only special because lots of other devices *choose* to talk to it. One day they could all choose to begin sending their search requests to some sort of massive, distributed, peer-to-peer search engine (I don't think so, I think it makes sense to centralize search, but perhaps there's a really powerful distributed indexing and search algorithm that no one has yet discovered).

There's huge power, flexibility and opportunity in that model. We do a lot of things using the Internet now, in 2005, but it's still in its infancy. We have no idea what other kinds of communications technologies will arise or what sorts of things people might come up with to do with this medium ten, twenty, fifty years from now. That means it is critically important for the future of technology and innovation that we preserve the ultra-flexible model that the really bright guys at DARPA came up with.

End-to-end delivery. Intelligent endpoints. Dynamic, multi-path routing. No central control. Those are the characteristics that turned the Internet from a lab-based curiosity to such a worldwide phenomenon that we seriously talk about how it will one day touch every human being on the planet. Think about it. The Internet looks poised to become the *single* communications medium used for all electronic communications, be it text, audio, video. What is it that made this such a powerful medium? End-to-end. PERIOD.

Let's not throw it away before we even find out what we can really do with it.

Re:But when?

[ysachlandil]

> Most of the technological hurdles in connectivity have been overcome

Multihoming is not fixed yet, and basically cannot be fixed within IPv6 (hierarchical address space and multihoming don't like each other). The current hack to fix this is give out addresses from all ISPs you want to connect to and have the _endpoints_ negotiate which address to use (proposal is called SHIM6, google for it). So basically, the network engineer needs root/administrator access to all endpoints in the network to do his/her work.

Now, should I drop one of my peers (and lose my redundancy) just to use IPv6, or just keep my IPv4 addresses until the end of time?

--Blerik

Re:Haha...

[NIN1385]

Awww... c'mon, that's classic family guy comedy!

Re:I don't get it

[Anakron]

Why does IPv6 make P2P any easier to implement?

It allows you to make direct connections from any computer to any other computer connected to the Internet. The way it was supposed to be. I'm guessing most peer to peer applications contain a lot of code that is designed to work around NAT.

Why does it remove the need for servers?

It doesn't. Not servers in the sense we normally think of them

Why does it mean that we "won't need providers such as Skype anymore because we'll be able to do it all ourselves"?

I believe what he is referring to is the fact that Skype tries to set up a connection between two users who are both behind NAT boxes by using another computer that is not NATed. That part wouldn't be necessary. We'd still need the Skype software, though.

you'll still need [...] software vendors like Skype

Right. It's just that Skype wouldn't need to use the kinds of ugly kludges they do now to get around NATed users.

In fact the only thing about IPv6 that would seem to me to help P2P is that slighly more people might end up not being NATed

The hope is that nearly no one will have to be NATed. Please don't start that security story again. NAT is NOT about security. NAT boxes usually also perform firewall duty (and usually not very well). That's it

but that won't affect anything much

I disagree. I think it will help a great deal. Network administrators and creators of network-aware applications spend a great deal of time trying to make sure that NATed users won't see much of a difference (and it needs to be reinvented for every application). If they no longer need to spend time trying to work around such a broken concept, we can hope to see real innovation.

Re:I don't get it

[kwalker]

Because two nodes on an IPV6 network wouldn't be stuck behind closed NAT firewalls and not able to communicate directly. Currently, if you're using Yahoo IM and want to send someone a picture, you have to relay it through Yahoo's servers, which causes a bottleneck because thousands of other people are doing the same and everything bottlenecks through Yahoo. With IPV6, both ends could have a public (possibly static) IP address, so person A could connect directly to person B and bypass the traffic jam at the server. It gets worse on something like eDonkey where if both ends are NAT'ed the transfer CANNOT happen.

As for removing the need for Skype, it wouldn't, but it would change. A Skype server would just need to know IP addresses so if person A wants to talk to person B, the Skype server just tells A "B is at 0:1:2:3:4:5" and A can then connect to B directly, instead of relaying through god-only-knows how many intermediates who may or may not be compromised or malicious. However, if you were setting up your own PBX with a static IP (And IPv6 has enough addresses that you could), then you wouldn't need a central authority (Skype server) to do the matchmaking.

Yes you'll still be firewalled, but the firewall will be at the end point, not in the middle somewhere that you have no control over (As in my case). The firewall rules would just change to a FORWARD rule instead of a "direct this port to this IP" rule.

IPV6 is about decentralizing, while NAT is essentially centralized (At the NAT server). If something can't change ports (Some VPNs, old protocols, not smart enough, etc), then you can't have more than one person behind the NAT using said protocol. NAT also causes problems because to the machine on the public-side of the NAT, only sees the address of the NAT gateway, not the address of the machine actually making the request. The implications of that are left up to the reader.

Re:I don't get it

[WhiteWolf666]

You haven't grasped the number of addresses IPv6 will make avaliable.

65535?

Think bigger:
IPv6 is intended to address the concern of IPv4 address exhaustion. There are too few IP addresses available for the future demand of device connectivity (especially cell phones and mobile devices). IPv4 supports 4.2 billion (2564 4.294 × 109) addresses, which is inadequate for giving even one address to every living person, much less support the burgeoning market for connective devices. IPv6 addresses this problem by supporting 340 undecillion (655368 3.4 × 1038) addresses. For scale, this would allow an average of about 430 quintillion (4.3 × 1020) unique addresses per square inch, or 670 quadrillion (6.7 × 1017) per square millimeter, of the Earth's surface. In other terms, assuming a population of about 6.5 billion humans, there are enough IPv6 addresses such that every atom of every person on Earth could be assigned 7 unique addresses with enough to spare (assuming 7 × 10^27 atoms per human).
Source: http://en.wikipedia.org/wiki/IPv6 [wikipedia.org]

So, think more like 4.9 x 10^28 address _per person_ (not per connection).

That's a little more than 65536.

Re:"Billions and billions"

[volkris]

It's clearly NOT the NAT that's providing you security here, but simple matters of routing.

So as the parent post said, NAT is not security. Routing and firewalling can provide some security, but not the NAT itself.

Re:IPv6 Changes

[silas_moeckel]

And the ISP's are asking where the profit in doing it is? There are a lot of downfalls to providers Multicast being the big one along with a whole lot of training. I do love all the people that think all of a sudden there toasters can have real IP's and NAT will go away, nothing in IPv6 says they have to give you more than one IP without paying more for it just like today.

Re:But when?

[Omnifarious]

I already do that, but my ISP still won't switch. :-(

Re:I don't get it

[chuckychesthair]

Skype is popular because it can function even when both ends of the conversation are going through a NAT. NATs are inherently evil (no, they don't offer more protection than a simple ingress filter on any "real" router) and break the end-to-end principle. With IPv6, you will not get just 1 IP address like in IPv4, but a shitload (currently the thinking is a /48, which is over 65000 subnets, each subnet containing roughly 4 billion * 4 billion addresses, but thinking is changing towards /56's, only 256 subnets, still an impressive number of addresses).

What this will do it 2 things:

1- allow for more machines to do any particular service. (multiple VoIP devices, multiple webservers, no extra configuration to restore ICQ file transfers, easy webcamming)

2- reduce worm problems (because most addresses are not used, simply scanning address ranges will not be successful, limiting worm propagation by several orders of magnitude)

So, no, it doesn't remove the need for servers per se, but most applications that set up peer to peer connections these days need some other machine to bypass the NAT problem. With IPv6, NAT is no longer needed (although there will be idiots that think it makes things more secure and demand it for IPv6 as well. I'm praying it won't catch on)

CC