US Has More IPv6 Eyeballs Than Asia, Because of Apple 162
An anonymous reader writes "Google has been checking to see who's using IPv6. According to the company's tracking, half of all IPv6-capable systems seen by Google are Macs, helping the US land in fifth place in percentage of IPv6 users world wide, ahead of China and Japan."
Do Macs automatically setup a 6over4 Tunnel? (Score:4, Informative)
I don't believe any US ISPs have begun providing IPv6 connections yet, have they? So, does this statistic reflect that not only are Macs IPv6 capabable, but all of them are automatically setting up an IPv6 tunnel over their IPv4 connections? If so, what tunnel broker are they using as an endpoint (is Apple itself providing a tunnel broker service for them)?
Or, instead of using a tunnel, are they using the technology (don't remember the name, maybe 4to6?) where an IPv6 address is automatically generated from the public IPv4 address, and then IPv6 packets are sent to an IPv4 anycast address which automatically routes them to the nearest 'public' 4ot6 gateway? Unfortunately, I don't believe the latter solution works well behind NATted connections, which I think would dramatically reduce these statistics, so the sheer size of the Mac IPv6 'population' suggests to me that tunnels are being used instead?
I've recently been playing with IPv6 via Hexago Freenet6 [go6.net], but truth be told, there's really not much use for IPv6 yet, since very few apps (like IM clients [skype: I'm looking at you], network games, etc) or websites actually support IPv6 on the other end yet. I've also noticed a problem with packet loss and high latency with Freenet6, so I'm thinking I'm going to try to find a different tunnel broker.
Re:How can they tell? (Score:4, Informative)
not at all.
While NAT is not a be-all end-all security measure, it certainly helps, as my router provides a (stupid-basic) blank face at port-scan attempts.
Layers of defense. My router is the drawbridge of my castle.
-nB
Re:Do Macs automatically setup a 6over4 Tunnel? (Score:5, Informative)
Guess I should have read the article first. Looks like this result is because Apple's Airport Extreme AP automatically sets up 6to4 (which is the 'anycast' based system I was referring to previously, but got the name backwards), and because the router itself supports 6to4, there's no problem giving the systems behind the router a public IPv6 address in the sub-net of the 6to4 address.
I didn't realize there were any IPv6-capable home routers on the market (other than routers that have been hacked to replace the OEM firmware with OpenWRT or DD-WRT). Kudos to Apple for showing some leadership here. Anyone know of any other makers with affordable home routers with IPv6?
Re:How can they tell? (Score:4, Informative)
Re:Linux much (Score:4, Informative)
Yes, it has been build in into the kernel for several years now. I have IPv6 network already, works like a charm.
You need to get a ISP that supports native IPv6 or a IPv6 PoP to connect to IPv6 sites. Like http://ipv6.google.com/ [google.com]
LAN IPv6 is already build in, no need to configure that.
Re:How can they tell? (Score:3, Informative)
This result seems to be because of Apple routers (Score:5, Informative)
From the article, I picked up the reason for this result (but not until after posting a similar question, I must confess). Most home computer users, regardless of their platform, tend to connect to the internet through some sort of router device. Most of these routers use IPv4 only, and use NAT to share the Internet connection.
Many Mac users, instead of using some 'generic' WiFi access point, instead use Apple's Airport Extreme router. Per the article, Airport Extreme's have support for IPv6 built right into the router, and the router will *automatically* route IPv6 traffic using the 6to4 standard (which basically tunnels the traffic over the IPv4 connection from the ISP).
I suspect that if you connected your Ubuntu computer (or Vista, or XP if you installed IPv6 manually) to the Internet using an Airport Extreme, then IPv6 would work fine under Ubuntu too. That is, I think the 'magic' here that makes IPv6 "just work" is in the router, not in the OS.
Re:How can they tell? (Score:4, Informative)
Nonsense. I've visited the homes of Mac-only users. They usually have two or three. Where things get interesting however, is that they tend to be using an Airport Router. (Which caused me no end of grief when I didn't spring to have WiFi added to my last laptop.) As someone mentioned higher up in the discussion, Airport routes IPv6 by default. Something that most other consumer routers (typically paired with Windows and Linux machines) do not.
Re:How can they tell? (Score:4, Informative)
The difference between a "NAT router" and a "stateful firewall with public IP stuff behind"
You need the NAT working in order to reach the stuff behind it.
You don't need the stateful stuff working in order to reach the stuff behind it.
So in event of bugs, the hacker is more likely to have to work harder to exploit the stuff behind a NAT.
Now the issue with "just NAT" is the ISP can usually access the stuff behind the NAT - just as long as they know what IP range you have behind- they just have to get IP packets with dest=your.private.ip to your NAT device and _typically_ it will pass it through (some NAT devices also have a stateful firewall so they may not pass it through).
This means a 3rd party could get past your NAT if they have control over your ISP's routers route tables. But if they achieve that control you're probably screwed anyway.
Anyway, it's good enough protection, the hackers and malware bunch hardly do direct network attacks anymore against Joe User, much easier to convince Joe User to run stuff
Re:False negatives abound (Score:4, Informative)
That's not a false negative, that's you misunderstanding the test. They are testing users who are actually IPv6 enabled, not just users running IPv6 capable hardware.
By Default... (Score:4, Informative)
Re:You're not so smart yourself (Score:3, Informative)
> Without a NAT, how does a "NoNAT router" know what public IP range to give via DHCP (or other means) to Joe User's WinXP/Mac box, BEFORE it manages to get that public IP range from the ISP?
Before it connects to the ISP you'll be using link-local addresses. The router will then get a prefix from the ISP via DHCP prefix delegation and begin sending router advertisements so internal computers can configure themselves with public addresses (though they retain their link-local addresses).
Re:How can they tell? (Score:3, Informative)
I doubt it's really not allowed where I live (not in USA though), and the first three months I had only plugged in the TP-cable without signing any paper or anything. No login required, just plug the machine in and voila Internet with DHCP.
Re:False negatives abound (Score:3, Informative)
You do realize it will take months to map a LAN with IPv6 through nmap ? Because the IPv6-address space for the LAN is bigger then the whole IPv4-internet.
Anonymous Coward (Score:1, Informative)
This may be the answer
Apple's secret "Back to My Mac" push behind IPv6
http://www.appleinsider.com/articles/08/08/19/apples_secret_back_to_my_mac_push_behind_ipv6.html
Re:You're not so smart yourself (Score:1, Informative)
What the hell are you talking about? You're using link-locals till the route gets a real IP, then it advertises the new route, the clients get new IPs and everything functions just as normal the whole time.
And the URL Joe Public types in is the same as now. "http://name.your.router", supplied by the manual, provided by the DNS server in the router, the same as he does now. You don't think he types in cryptic ip adresses, do you?
Re:How can they tell? (Score:3, Informative)
I think the future means every single device having a IP, perhaps even human beings if you are paranoid. :)
Don't think about today, think about the future. Can you imagine every cell phone user somehow browses the net and plays some games?
It is not like today's concept, it is about the very weird and connected future. I agree demanding IPV6 from a consumer level ISP today is a bit overkill but recently my heater company called me and asked if I wanted my combination heater (Vaillant) to be connected to net. I asked if it is Windows some sort, they said "yes" and I said "good luck with that".
Re:You're not so smart yourself (Score:3, Informative)
BUT before Joe's router is connected to the ISP, how does his router or PC know what address they should be using?
This is actually a topic of debate on IPv6 lists right now. There are basically two camps: One says that Joe's router should give out unique local addresses, the other says that a LAN only needs link locals. Both sides are, as far as I can tell, supporting their stance with really good arguments.
Joe would not have to wait for "dhcp renewal time" seconds, or "some other public IP update period" seconds, before his PC realizes that "Oh I'm supposed to be using this public IP address and this gateway".
That's not how IPv6 works. Joe's computer gets a Router Advertisement message as soon as the Internet LED lights up and everything instantly works.
Like most criticism of IPv6 on Slashdot, your criticism is founded on ignorance.
Comment removed (Score:5, Informative)
Comment removed (Score:4, Informative)
Comment removed (Score:4, Informative)
Re:This result seems to be because of Apple router (Score:3, Informative)
Unless you are looking at a fairly strange cross-section of consumer routers, most of them do not run Linux. Only a handful of the ones offered by Linksys, D-Link, etc. do. The majority run VxWorks, I believe.
A few years back there were actually more Linux-based routers but as cost pressures and competition have increased the manufacturers seem to have moved away in order to reduce the parts count. Broadband routers are the only pieces of equipment I've seen where the hardware specs have actually fallen, year over year, for comparable pieces of gear.
Anyway, if you do happen to get a real Linux router (like the Linksys WRT54GL, or early *G editions) and reflash the firmware to DD-WRT, you can enable IPv6. I don't think it does automatic 6to4 (at least it doesn't in the version I'm running) so it's not quite as slick as the Apple routers, but the capability is definitely there if you're running a decent load of software. I don't know if the capability is actually been removed from the kernel in stock firmwares or just not enabled.
I don't know what VxWorks' support for v6 is like, so I'm not sure how trivial it is for manufacturers to enable it, if they wanted to.
Re:This result seems to be because of Apple router (Score:3, Informative)
FYI, for those running routers that can run DD-WRT:
http://www.dd-wrt.com/wiki/index.php/IPv6#6to4_Setup [dd-wrt.com]
Re:This result seems to be because of Apple router (Score:4, Informative)
Doesn't matter if your router supports IPv6 if your ISP does not.
Sure it does. The whole point, and what makes it so cool, is that the AirPort sets up 6-to-4 tunnelling automatically. So you *can* have IPv6 connectivity even if your ISP doesn't provide it.
noah