1sockchuck writes "Opinions differ on when the Internet will run out of IPv4 addresses, prompting a wholesale transition to IPv6. In recent videos, John Curran of ARIN provides an overview of issues involved in the IPv6 transition, while Martin Levy of Hurricane Electric discusses his company's view that early-mover status on IPv6 readiness can be a competitive advantage for service providers. Levy's company has published an IPv4 DeathWatch app for the iPhone to raise awareness of the transition."
According to my copy of the CorpSpeak to English dictionary "challenge" and "opportunity" both say "See 'problem'."
Yes, but there are subtle differences. For example, when they speak of challenges, your corporate overlords are telling you there will be massive layoffs soon. However, when they speak to you of opportunities, it means you personally will be laid off immediately.
"Challenges" means problems. "Opportunity" = cool features.
Features of IPv6:
Every known star in our universe can now have 252 ip addresses with ver6.
My frigging socks can tell me they need to be cleaned via a script. My shoes can use GPS to track where I'm going, how many miles I walked/ran that day, etc.
Problems of IPv6: Screw it, we'll just nat our existing IPv4 addresses.
Also I think proponents of IPv6 also tend to overlook the value of DNS. Human short-term memory only has so much space in it. IPv4 addresses tend to be hard to memorize, ergo DNS puts an easy handle on it.
In an IPv6 world you get this memory problem magnified in a huge way:
1) The addresses are now ridiculously long.
2) There's not supposed to be any such thing as NAT (which also means your practice of always having your inside router be x.1 now gets more complex)
3) Many things that don't REALLY need addresses are now going to get them, because we have so many, so lets just go crazy.
To recap, many minor devices will all have a very-long, unique address, and each will be difficult to fit into brain-space alone, let alone together.
This scenario only works in a fully-DHCP world, which is fine for some, but I'll keep my static IPv4 for as long as possible, thanks.
I'm not sure I'm following you here, so what you're saying is that instead of Joe Q. Sysadmin always having his internal router be 10.0.0.1 and all the hosts having 10.x.x.x IPs tied to hostnames he'd have something like 2001:1001:f00f::1 as the router and all hosts would be in the same subnet? Yeah, that's really scary and confusing...
Also, NAT is an ugly hack that doesn't really need to exist, the packet filtering can be handled with a plain old packet filtering firewall just like it used to be done prior to everyone using NAT and what exactly is the point of address translation? Isn't that like going back to pre-IP days when every network seemed to use its own protocol (or in this case, everyone uses local addresses internally and a single or small number of external addresses) and inter-network communication was a PITA?
And I'd rather see devices that don't need public addresses getting them than "The amazing NAT future" where you have to pay big bucks to get a public IP address instead of being stuck in NAT hell (first they came for the residential connections, but I did not speak up because I wasn't running a home server or playing games, then they came for the small business DSL customers but I did not speak up for I was not running a small business and finally they came for the corporate customers and we ended up paying thousands of dollars per server to avoid getting thrown off the 'net)...
I can't just decide to give my server the address 127.48.7.12 or 234.122.9.31 with IPv4, but that doesn't mean that I can't assign one within my address range.
Using NAT, you absolutely can. You're sacrificing the ability to communicate with those addresses in the wild, but that option definitely exists today.
And why exactly (1) does 'Joe Q. Sysadmin' need to select his own IP addresses and (2) can't he with IPv6?
He doesn't need to. He may want to. He has that option today.
I don't operate under the assumption that ISP's are going to hand out blocks of IPv6 addresses any more readily than they hand out IPv4's. I understand that others do. I'm not sure why they do, but since it is a futuristic sort of thing, we'll just have to wait and see. Looking at their past a
He doesn't need to. He may want to. He has that option today.
You can assign IPv6 addresses manually to your heart's content as long as you have a block assigned to you, but for client machines there is rarely a reason to do this (just like how you normally don't go about handing out static IPs to every workstation, you set up a DHCP server (or many depending on the size of your organisation) and hand out dynamic addresses to most machines).
He doesn't need to. He may want to. He has that option today.
You can assign IPv6 addresses manually to your heart's content as long as you have a block assigned to you, but for client machines there is rarely a reason to do this (just like how you normally don't go about handing out static IPs to every workstation, you set up a DHCP server (or many depending on the size of your organisation) and hand out dynamic addresses to most machines).
/Mikael
I never do. I set up DHCP with static addresses for the known computers, and dynamic for the guests. So much easier to ssh between machines with proper ip addresses and names.
I never do. I set up DHCP with static addresses for the known computers, and dynamic for the guests. So much easier to ssh between machines with proper ip addresses and names.
And... what's stopping you from doing that with ipv6?
I don't operate under the assumption that ISP's are going to hand out blocks of IPv6 addresses any more readily than they hand out IPv4's. I understand that others do. I'm not sure why they do, but since it is a futuristic sort of thing, we'll just have to wait and see. Looking at their past and present behavior, anticipating charity is dubious at best. In fact, NAT rose to popularity out of this exact same behavior. Not out of some ephemeral need to create more address space.
On this point, economics actually favors handing out at least/64 subnets: Not only does advertising at least a/64 permit stateless autoconfig (which significantly reduces management costs), but routing smaller subnets is more expensive because the route can't fit into a 64-bit machine word or CAM slot.
The point was, you don't go about memorizing them, you use DNS.
LOL. And network admins, those who are tasked with setting up and maintaining DNS, or those just doing occasional reverse lookups, do their heads just explode?
In the real world, people use IP numbers in a number of different ways, and for just as many reasons, have committed many to memory. You don't have to be a network admin, for example, to know what is behind 192.168.1.1, or that 4.2.2.1 is open for lookups.
What do you mean by "non-shared"? When you get an IPv6 connection, they don't hand you a single IP address; you get a/64 or a/48, depending on the connection type.
Competition. If ISP A is only going to give you 1 IP address because they want to hoard and monetize these IPv6 Addresses, then ISP B is going to offer you oh, 16 million IPs lets say, for the same price, to get you to come to them. 16 million? Thats an insane amount you say, well the ISP can just pull it out of their bucket of gazillions of IP addresses that is their slice of the FUCKING HUGE BEYOND COMPREHENSION IPv6 address space.
I haven't counted, but I think I have *at least* 6 ISPs to choose from --- Not counting wireless, of course. North of Copenhagen, nothing special. And none of them seems to be able to deliver an unblocked port 25 (just inbound would be cool, I can relayed outgoing no problem). Sad, right?
Where the fuck do you live where you have more than 2 viable choices for an ISP?
Try anywhere outside of the United States. I live in The Netherlands and I've only got one choice of cable ISP. But I have about 4-5 options for DSL.
//BEGIN Advert
An article I wrote a couple weeks ago makes plain how important competition is in the ISP market.
http://metafarce.com/index.php?id=24 [metafarce.com]
//END Advert
Try Temuco, Southern Chile. I know lots of people getting their internet via long distance wireless Bridges, 20, 30 miles out of town. Lots of people with Sat systems in the really rural area. The government provides sat systems to schools that are 2 days horseback ride in to the mountains.
Still, knowing the rural United States, our choices and speeds of ISP's here is likly larger. Many of my family in rural parts of the United States just got off of dial up internet about a year ago.
No it doesn't, at best there are 4,294,967,296 available IPv4 addresses, in reality there aren't nearly as many since the entire network isn't one huge subnet. With IPv6 there are 3.4*10^38 addresses. There is no real competition in terms of "we give you your own class C" vs "We give you one address" when it comes to IPv4 because most ISPs can't actually hand out addresses like they're candy. With IPv6 an ISP would have no problem whatsoever handing out a/64 to each customer since they'll have a shitload of/64s to hand out.
Note to self. We are said have meaningful competition in digital communications that provides all sorts of benefits. Organize expedition. Try to find it/them. Surely there must be some way to profit from discovery of something that rare.
How? We can worry about how to profit once we capture one or more competes (or whatever the hell the singular of competition is) and persuade it/them to breed in captivity.
There are currently 32 bits allocated for IPv6 subscriber connections. An entire datacenter only needs one of those, contrasted to a/23 or larger now.
What you go to with a/48 prefix (which is the standard ISP subscriber size) is a network with 16 subnet bits and space for an effectively infinite number of hosts in each subnet.
It won't shake out this way. ISP's aren't giving you that many addresses now, and many (if not all) limit and/or upcharge-for the quantity assigned. It isn't difficult to imagine scenarios where is doesn't matter, to be sure, but this kind of convenience is something that NAT has allowed us to take for granted.
I believe that the registries are requiring the provision of/64s and/48s to end-user connections. Even if they weren't, the ISPs would provide at minimum/64s, since most networking equipment can't handle routing prefixes longer than/64 in hardware--i.e., routing anything longer than/64 is more expensive.
You're referring to 'non-ameteur' admins with a voice of authority, yet you cannot avoid being confused over how DHCP allows you to set these addresses once instead of many times over?
IPv6 isn't IPv4. You can use stateless autoconfiguration to find that router, no DHCP needed. The advertisement can also include information on DNS servers. If the DNS servers and default gateway ar
Umm, about what? He trots out a bunch of hypothetical problems that people have been cheerfully ignoring because they don't manifest in reality. IPv6 is here and working today, even if Dan didn't want to believe it possible.
They do manifest in reality: They are why I don't have an IPv6 address: It's to much work for too little benefit. It can be worked around, but it's just more work, and wouldn't really get me anything.
Basically all he is saying is 'accept an IPv4 address as an IPv6 address'. Which would mean that 'upgrading' would be as simple as getting software that can handle being sent IPv6 addresses. (Which basically everyone's already got at this point.)
Instead at the current situation you have to figure out how and
Grandma will upgrade to IPv6 when her ISP says your modem needs to be replaced or they have a tech swap her cable modem. The layman argument does not hold water in every situation. Most laymen will plug in their new IPv6 router and not even configure a password, let alone worry about routing tables, etc.
That's like saying grandma can't change her own brake pads, so we'll just let her grind her rotors down. Grandma will just goto a mechanic or in this case, her ISP which is staffed with NETWORK ENGINEERS. It
So, in the current situation, everyone who switches to IPv6 needs to be a network engineer.
That's bull. End users don't need to know or do anything. At this point, all we really need is for ISPs to provide IPv6 and the rest will happen without users doing -- or knowing -- a thing.
Yes, the network works, but there is no decent upgrade plan.
Also crap. The upgrade plan is for IPv4 and IPv6 to coexist for a few years. Users deal with DNS names, not IP addresses, and applications and resolvers already transparently look for both AAAA and A records and use the AAAA records if available. All of the major OSes have solid IPv6 support in place -- if you don't believe me, install a radvd server on your home network and notice how *instantly* all the machines on your LAN have IPv6 addresses (heck, they all have link-local addresses now) right next to their IPv4 addresses. Of course, if your ISP set up support for IPv6, you wouldn't have to do anything.
The only reason that IPv6 won't currently work for most people even if their ISPs support it is that their current NATing router appliances don't support it properly. But if ISPs implemented v6 support, Linksys, D-Link, etc. would start rolling out devices with proper IPv6 in their firmware. With enough users on the v6 network, web site admins, etc., would add v6 support and AAAA DNS records, which the v6-enabled users would instantly (and transparently) begin using.
The transition plan is solid, and works very well in practice (as you can verify by using Hurricane Electric or another v6 tunnel provider). What's lacking is the ISP motivation, and being able to use a v4 address as a v6 address wouldn't change that at all.
Really? Ok, then. I have a Linux box connected to a Netgear router providing NATted connections, itself connected to a cable modem that goes out to Comcast, who provides my pipe and is my ISP. Comcast ISP, by the way, does not support IPv6. If IPv6 is here and working today, I should be able to use it. How do I do that?
If you can't tell me how, than Dan's "hypothetical problems" are very real indeed.
As far as I can tell, what people have been "cheerfully ignoring" is IPv6.
If you want to, you *can* work around them, by using a v6 tunnel provider (like Hurricane Electric). The configuration is not hard, but isn't something Grandma could do (not my Grandma, anyway)....
Those are the two big problems with v6 right now: ISPs that don't provide v6 addresses and home routers that aren't properly configured for v6 support. If ISPs start providing v6, though, router manufacturers will eventually pull their heads out and new routers will do the job correctly (and the manufacturers w
The people who came up with IPv6 seemed to be too ivory tower: they forgot about the reality on the ground. Few ISPs are even thinking about IPv6.
Amen to that. But I don't see an academic angle so much as an ILEC angle i.e., IPv6 is being handicapped by large telcos, large ISPs, legacy netblock owners and their proxies in order to drive up fees for IPv4 addresses. The threads on new fee structures, in mailing lists like arin-ppml, make this obscenely clear. IPv4 netblock owners are salivating over the potential for profit from what should be a public resource.
Only thing more disappointing than ARIN's failure to either reclaim unused IPv4 netblocks (and there are plenty of those, both large and small) or speed the adoption of IPv6 is the DOC and FCC's failure to foresee the damage, both economic and to communications, which the coming address shortage will cause.
US government contracts are starting to require IPv6 support. This is the main reason I'm seeing for IPv6 adoption. If it weren't for the government, we would all be keeping our heads in the sand until the internet starts slowly failing and Goldman Sachs starts selling remaining IPv4 netblocks to speculators.
Stolen from wikipedia:
"As of April 2008, predictions of exhaustion date of the unallocated IANA pool seem to converge to between February 2010 and May 2011"
Does that take into account universities and large companies giving back all the class A ip addresses they have that were initially given out back in the day?
The potaroo exhaustion counter that these dates come from hasn't changed significantly in the last year that I've been following it. It dips somethimes to 650 days or so, then climbs over 1000 days sometimes.. but the average stays around the 700 mark.
If the prediction had been remotely accurate when it said 700 last year it should be at around 350 this year, and it just isn't.
OK, here's a handy checklist to see if IPv6 is ready for prime time:
Use case: access a common web site (e.g. Slashdot) entirely by IPv6 packets: 1) Look up host's IP via IPv6 packets: 1a) Access a root DNS node via IPv6 packets (look up.org DNS server): CHECK 1b) Access.org DNS node via IPv6 packets (lookup slashdot.org address): ??? 2) Access slashdot.org via IPv6 packets: 2a) Route IPv6 packets from my computer to "the Internet": FAIL 2b) Route IPv6 packets from "the Internet" to Co-Lo facility: ??? 2c) Route IPv6 packets within the Co-Lo to Slashdot's servers: ???
When you (a presumably technically skilled user) can do that, then IPv6 is ready for the masses.
I can do everything in your list just fine -- if you pick a web site that actually supports v6. There is no AAAA record for slashdot.org. Were Slashdot to configure their servers for IPv6 and add appropriate AAAA records, then it would be reachable. Of course, most sites don't bother with v6 support, because few users have v6 addresses, which is because most ISPs don't support v6.
...is that even new devices don't support IPv6, even when they're in entirely controlled address spaces.
For example, why the hell don't, for example, cell phones internet capabilities have IPv6? I mean the IPv6 routing would seem exactly designed for cell phones, devices external to the network don't need to reach them, and it's a frickin closed system with device upgrades fairly quickly. If we can't even use IPv6 in closed systems like that, it has failed.
The reason, of course, is because IPv6 is, in fact, an EPIC FAIL in actually working, because no one apparently bothered to figure out any sort of actual transition for it.
It's like, if instead of self-driving cars, they invented self-driving micro-monorails and expected us to buy them. But, don't worry, they have a handy monorail carrying rack we can install on top of our car that not that hard to set up so we can carry our monorail to the monorail tracks fifty miles away.
D. J. Bernstein is an ass, but he's right about this.
IPv6 should have been built by changing the damn format of the packets, but using the exact same IPv4 addresses with a specific prefix, routed exactly the same place. Any router that talked to devices that didn't understand IPv6 could just 'dumb it down' to IPv4, and, they should eventually do the same in reverse!
We could actually include a bit in the packet that upconverted IPv6 packets get, so we could keep statistics on how many packets were IPv6 their entire distance, and how many got converted down and back up at some point. So we could see what networks are actually switching out their equipment, and see what misconfigured gear thinks it's talking to IPv4 devices when it's talking to IPv6, so it needlessly converting. (IEEE 802.2 specifics a way to autonegotiate IPv4 or IPv6 using the EtherType, but it might not always work, and it's only for Ethernet anyway.)
At some point, as routers and OSes got replaced, large amounts of traffic on the internet would end up being IPv6 their entire distance, and at that point we can start assigning the IPv6 addresses that don't have a equivalent IPv4 one.
And, incidentally, we should keep the IPv4 network operational forever. 95% of the people can give their IPv4 addresses back, and as people stop connecting IPv4 devices, routers and whatnot will lose the ability to speak to them but there will still be some devices that cannot be upgraded, some embedded device that speaks only IPv4 or whatever. The company should be able to keep an IPv4 address, and require people to install one of the routers that can still upconvert in front of the device, and it gets routed over the internet and back just like anything else, because, for almost all the trip, it's IPv6. There would be no reason to ever turn off the subset of IPv6 that is IPv4.
Instead we invented a new fucking network that doesn't interact with IPv4 at all. Yes, yes, you can get IPv6 versions of IPv4 addresses, but routers and OSes do not automatically translate them. And it's actually against the rules for someone to try to contact a IPv4 server 'over' IPv6. They have to use their IPv4 address, like there should be a difference.
IPv6 should have been built by changing the damn format of the packets, but using the exact same IPv4 addresses with a specific prefix, routed exactly the same place.
Yes, that's what was done the last two times the address space was upgraded.
When ARPANET IMP addresses went from one byte to two bytes, to allow the number of nodes to increase beyond 256, the old addresses retained their 8-bit value, with a new prefix.
When the ARPANET was extended to the Internet, the two byte IMP address was the low two octets of the IP address, and the first two octets were 10 and 0, so IMP addresses converted to IP addresses as [10.0.xxx.xxx]. And that's where "network 10" came from. When the ARPANET went down, it freed up that address space for other uses.
Ok kids. Go home tonight and turn ipv6 on. I know you're all running homebrew linux nat routers.
Here's all you gotta do.
Install radvd. It's a Router Advertisement server. Router Advertisements are how your LAN clients learn what the hell their IPv6 "prefix" is. You're going to use something clever called 6to4, which basically converts your public ipv4 address into the first half of your ipv6 address. You plug that information into your radvd configuration, and voila, all your LAN clients can learn their unique global ipv6 address. Then you just run a little script, which turns up the 6to4 tunnel on your linux nat, and all of a sudden, all your LAN clients have globally routable ipv6 addresses! And once the v6 stack fires up, your computers will try resolving AAAA records, so you might even get to visit some v6 websites!
You're not strictly running native ipv6, since 6to4 is a tunnel to an anycast server (dont worry, there's plenty of them sharing the same address). It emulates pretty damned close though. Enough for you to try it out!
Here's the thing that keeps blowing my mind. Remember back before NAT? The Internet was actually symmetrical back then. Any host could contact any host. Well, it's restored. I keep forgetting I can literally contact ANY lan host from remotely, using its v6 address. Security nightmare? You betcha. Restored services? Makes up for it! Maybe I can figure out what a firewall is, after all!
Sure, there's tunnel brokers out there too... don't waste your time with all that. 6to4 is quick and easy, and it works fairly faithfully. By the time a tunnel broker OKs your info, you could be pinging already with 6to4.
Oh yeah. That malarkey about "ooh my address is so long, it's just not worth it" -- My address is 2002:xxxx:xxxx::1 through::5. Also, a few weeks ago they released an interesting workaround to memorizing ip addresses, called "The DNS". As ominous as that sounds, it's actually pretty clever and I've been enjoying it for a while.
And yes,::1 is easily guessable and that makes it hackable. So please, no nmapping the 2002:xxxx/32 subnet tonight. (At the rate of 2^96 pings per second, it should be done by next century)
if [ "$2" = "delete" ] then/sbin/ip link set dev tun6to4 down/sbin/ip -6 route flush dev tun6to4/sbin/ip tunnel del tun6to4
echo "IPv6 tunnel has been deleted."
exit fi;/sbin/ip tunnel add tun6to4 mode sit ttl 255 remote any local ${ipv4};/sbin/ip link set dev tun6to4 up;/sbin/ip -6 addr add ${ipv6}/16 dev tun6to4;/sbin/ip -6 route add 2000::/3 via::192.88.99.1 dev tun6to4 metric 1;
if ping6 -c 1 he.net 2>&1 1>/dev/null then
echo "Verified IPv6 connectivity."; else
echo "Can't ping IPv6 network."; fi;
For those without a Linux router: sudo aptitude install miredo sudo invoke-rc.d miredo start ping6 -nc 1 ipv6.google.com PING ipv6.google.com(2001:4860:a005::68) 56 data bytes 64 bytes from 2001:4860:a005::68: icmp_seq=1 ttl=58 time=29.9 ms lynx --dump http://ipv6.whatismyv6.com/ [whatismyv6.com] | head -n 5 This page shows your IPv6 and/or IPv4 address You are connecting with an IPv6 Address of: 2001:0:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
It works through NAT, which actually makes it even easier to use than 6to4. Thanks for pointing it out! 6to4 is more of a site tool, and Teredo is a client tool.
Every time something on IPv6 comes out, there's a thundering herd of people who've never used it but are certain that it's awful and won't ever work. What's wrong with you people? Do you feel threatened because you're used to being the networking expert among your clique and don't want to lose that reputation? If not that, then what is it that's making you sneer at a cool new technology without even trying it first?
I'm not addressing people who tried to make IPv6 work but had problems along the way, or who otherwise had bad experiences with it. That's totally understandable and I'm not going to tell such a person that they're wrong. I am talking directly to the people who've read old articles talking about why it won't work, or who are trotting out the same tired, invalid reasons to dislike it.
Here's what you need to know about IPv6:
It's here and working today, and a lot of people are starting to adopt it.
You can run IPv4 and IPv6 on the same network and machines. I don't know of any IPv6 implementation that can't run alongside IPv4.
DNS works perfectly fine for IPv6. I have a long address on my machines at home and work, but ever have to manually type them anywhere after adding them to DNS.
If you enable IPv6 alongside IPv4 and try to connect to another host, and that host has an IPv6 DNS record, then your machine will try to connect to that address and then fall back to IPv4 if that fails. If it doesn't have an IPv6 DNS record, then you'll connect via IPv4. There's no penalty for enabling it.
NAT sucks. It might seem like a reasonable idea until you're reminded how nice it is not to have to mess with it, then you'll come to loathe it.
There are plenty of good, free, reliable IPv6 tunnels available. I use Hurricane Electric [tunnelbroker.net], but there are lots of others to choose from.
All modern OSes support IPv6 out of the box.
Many/most consumer routers do not support IPv6 natively (although you can still tunnel through those routers from your Linux or Windows or Mac server or desktop). Some do, though, and an Airport Extreme is still a consumer product even if it's more expensive than some of the others.
I think that about covers it. There's no reason to be afraid of IPv6. If you haven't tried it, give it a shot before bragging about how smart you are for recognizing that it can't work. Again, if you've tried it and had problems, I can understand why you're leery of the idea. If you haven't at least used a free tunnel to see what IPv6 is like, though, then you don't have a lot of room to comment on the subject.
Apple's market share for routers is tiny compared to Netgear and Linksys. I'm one of the 8% or so of people who uses a Mac, but it talks to a Netgear router.
corpspeak to english dictionary (Score:5, Insightful)
According to my copy of the CorpSpeak to English dictionary "challenge" and "opportunity" both say "See 'problem'."
Re:corpspeak to english dictionary (Score:5, Funny)
According to my copy of the CorpSpeak to English dictionary "challenge" and "opportunity" both say "See 'problem'."
Yes, but there are subtle differences. For example, when they speak of challenges, your corporate overlords are telling you there will be massive layoffs soon. However, when they speak to you of opportunities, it means you personally will be laid off immediately.
Parent
marketing speak = teh suck (Score:4, Insightful)
"Challenges" means problems. "Opportunity" = cool features.
Features of IPv6:
Every known star in our universe can now have 252 ip addresses with ver6.
My frigging socks can tell me they need to be cleaned via a script. My shoes can use GPS to track where I'm going, how many miles I walked/ran that day, etc.
Problems of IPv6: Screw it, we'll just nat our existing IPv4 addresses.
Re:marketing speak = teh suck (Score:5, Insightful)
This, this, o-this-ily-this!
Also I think proponents of IPv6 also tend to overlook the value of DNS. Human short-term memory only has so much space in it. IPv4 addresses tend to be hard to memorize, ergo DNS puts an easy handle on it.
In an IPv6 world you get this memory problem magnified in a huge way:
1) The addresses are now ridiculously long.
2) There's not supposed to be any such thing as NAT (which also means your practice of always having your inside router be x.1 now gets more complex)
3) Many things that don't REALLY need addresses are now going to get them, because we have so many, so lets just go crazy.
To recap, many minor devices will all have a very-long, unique address, and each will be difficult to fit into brain-space alone, let alone together.
This scenario only works in a fully-DHCP world, which is fine for some, but I'll keep my static IPv4 for as long as possible, thanks.
Parent
Re:marketing speak = teh suck (Score:5, Insightful)
I'm not sure I'm following you here, so what you're saying is that instead of Joe Q. Sysadmin always having his internal router be 10.0.0.1 and all the hosts having 10.x.x.x IPs tied to hostnames he'd have something like 2001:1001:f00f::1 as the router and all hosts would be in the same subnet? Yeah, that's really scary and confusing...
Also, NAT is an ugly hack that doesn't really need to exist, the packet filtering can be handled with a plain old packet filtering firewall just like it used to be done prior to everyone using NAT and what exactly is the point of address translation? Isn't that like going back to pre-IP days when every network seemed to use its own protocol (or in this case, everyone uses local addresses internally and a single or small number of external addresses) and inter-network communication was a PITA?
And I'd rather see devices that don't need public addresses getting them than "The amazing NAT future" where you have to pay big bucks to get a public IP address instead of being stuck in NAT hell (first they came for the residential connections, but I did not speak up because I wasn't running a home server or playing games, then they came for the small business DSL customers but I did not speak up for I was not running a small business and finally they came for the corporate customers and we ended up paying thousands of dollars per server to avoid getting thrown off the 'net)...
/Mikael
Parent
Re: (Score:3, Insightful)
I can't just decide to give my server the address 127.48.7.12 or 234.122.9.31 with IPv4, but that doesn't mean that I can't assign one within my address range.
Using NAT, you absolutely can. You're sacrificing the ability to communicate with those addresses in the wild, but that option definitely exists today.
And why exactly (1) does 'Joe Q. Sysadmin' need to select his own IP addresses and (2) can't he with IPv6?
He doesn't need to. He may want to. He has that option today.
I don't operate under the assumption that ISP's are going to hand out blocks of IPv6 addresses any more readily than they hand out IPv4's. I understand that others do. I'm not sure why they do, but since it is a futuristic sort of thing, we'll just have to wait and see. Looking at their past a
Re:marketing speak = teh suck (Score:4, Interesting)
He doesn't need to. He may want to. He has that option today.
You can assign IPv6 addresses manually to your heart's content as long as you have a block assigned to you, but for client machines there is rarely a reason to do this (just like how you normally don't go about handing out static IPs to every workstation, you set up a DHCP server (or many depending on the size of your organisation) and hand out dynamic addresses to most machines).
/Mikael
Parent
Re:marketing speak = teh suck (Score:4, Interesting)
He doesn't need to. He may want to. He has that option today.
You can assign IPv6 addresses manually to your heart's content as long as you have a block assigned to you, but for client machines there is rarely a reason to do this (just like how you normally don't go about handing out static IPs to every workstation, you set up a DHCP server (or many depending on the size of your organisation) and hand out dynamic addresses to most machines).
/Mikael
I never do. I set up DHCP with static addresses for the known computers, and dynamic for the guests. So much easier to ssh between machines with proper ip addresses and names.
Parent
Re: (Score:3, Interesting)
I never do. I set up DHCP with static addresses for the known computers, and dynamic for the guests. So much easier to ssh between machines with proper ip addresses and names.
And... what's stopping you from doing that with ipv6?
Re:marketing speak = teh suck (Score:4, Informative)
I don't operate under the assumption that ISP's are going to hand out blocks of IPv6 addresses any more readily than they hand out IPv4's. I understand that others do. I'm not sure why they do, but since it is a futuristic sort of thing, we'll just have to wait and see. Looking at their past and present behavior, anticipating charity is dubious at best. In fact, NAT rose to popularity out of this exact same behavior. Not out of some ephemeral need to create more address space.
On this point, economics actually favors handing out at least /64 subnets: Not only does advertising at least a /64 permit stateless autoconfig (which significantly reduces management costs), but routing smaller subnets is more expensive because the route can't fit into a 64-bit machine word or CAM slot.
Parent
Re: (Score:3, Insightful)
The point was, you don't go about memorizing them, you use DNS.
LOL. And network admins, those who are tasked with setting up and maintaining DNS, or those just doing occasional reverse lookups, do their heads just explode?
In the real world, people use IP numbers in a number of different ways, and for just as many reasons, have committed many to memory. You don't have to be a network admin, for example, to know what is behind 192.168.1.1, or that 4.2.2.1 is open for lookups.
This doesn't mean it's impossib
Re:marketing speak = teh suck (Score:4, Insightful)
What do you mean by "non-shared"? When you get an IPv6 connection, they don't hand you a single IP address; you get a /64 or a /48, depending on the connection type.
Parent
Re:marketing speak = teh suck (Score:4, Interesting)
Parent
Re:marketing speak = teh suck (Score:5, Insightful)
Where the fuck do you live where you have more than 2 viable choices for an ISP?
What universe do you live in where the "competition" would realistically compete on this feature?
Parent
Re:marketing speak = teh suck (Score:4, Interesting)
I haven't counted, but I think I have *at least* 6 ISPs to choose from --- Not counting wireless, of course. North of Copenhagen, nothing special. And none of them seems to be able to deliver an unblocked port 25 (just inbound would be cool, I can relayed outgoing no problem). Sad, right?
Parent
Re:marketing speak = teh suck (Score:4, Informative)
Where the fuck do you live where you have more than 2 viable choices for an ISP?
Try anywhere outside of the United States. I live in The Netherlands and I've only got one choice of cable ISP. But I have about 4-5 options for DSL.
//BEGIN Advert
An article I wrote a couple weeks ago makes plain how important competition is in the ISP market. http://metafarce.com/index.php?id=24 [metafarce.com]
//END Advert
Parent
Re: (Score:3, Informative)
Try Temuco, Southern Chile. I know lots of people getting their internet via long distance wireless Bridges, 20, 30 miles out of town. Lots of people with Sat systems in the really rural area. The government provides sat systems to schools that are 2 days horseback ride in to the mountains.
Still, knowing the rural United States, our choices and speeds of ISP's here is likly larger. Many of my family in rural parts of the United States just got off of dial up internet about a year ago.
Re:marketing speak = teh suck (Score:4, Interesting)
No it doesn't, at best there are 4,294,967,296 available IPv4 addresses, in reality there aren't nearly as many since the entire network isn't one huge subnet. With IPv6 there are 3.4*10^38 addresses. There is no real competition in terms of "we give you your own class C" vs "We give you one address" when it comes to IPv4 because most ISPs can't actually hand out addresses like they're candy. With IPv6 an ISP would have no problem whatsoever handing out a /64 to each customer since they'll have a shitload of /64s to hand out.
/Mikael
Parent
Re: (Score:3, Insightful)
***That same competition exists under IPv4.***
Note to self. We are said have meaningful competition in digital communications that provides all sorts of benefits. Organize expedition. Try to find it/them. Surely there must be some way to profit from discovery of something that rare.
How? We can worry about how to profit once we capture one or more competes (or whatever the hell the singular of competition is) and persuade it/them to breed in captivity.
Re: (Score:3, Informative)
There are currently 32 bits allocated for IPv6 subscriber connections. An entire datacenter only needs one of those, contrasted to a /23 or larger now.
What you go to with a /48 prefix (which is the standard ISP subscriber size) is a network with 16 subnet bits and space for an effectively infinite number of hosts in each subnet.
Re: (Score:3, Informative)
It won't shake out this way. ISP's aren't giving you that many addresses now, and many (if not all) limit and/or upcharge-for the quantity assigned. It isn't difficult to imagine scenarios where is doesn't matter, to be sure, but this kind of convenience is something that NAT has allowed us to take for granted.
I believe that the registries are requiring the provision of /64s and /48s to end-user connections. Even if they weren't, the ISPs would provide at minimum /64s, since most networking equipment can't handle routing prefixes longer than /64 in hardware--i.e., routing anything longer than /64 is more expensive.
You're referring to 'non-ameteur' admins with a voice of authority, yet you cannot avoid being confused over how DHCP allows you to set these addresses once instead of many times over?
IPv6 isn't IPv4. You can use stateless autoconfiguration to find that router, no DHCP needed. The advertisement can also include information on DNS servers. If the DNS servers and default gateway ar
Re: (Score:3, Funny)
Hmmm.... Every known star in the universe with it's own ip address. Now I think that the promise of cloud computing is finally starting to dawn on me!
IpV6 reality check (Score:5, Informative)
Dan Bernstein has chimed in on this before:
http://cr.yp.to/djbdns/ipv6mess.html [cr.yp.to]
He is basically dead right.
The people who came up with IPv6 seemed to be too ivory tower: they forgot about
the reality on the ground. Few ISPs are even thinking about IPv6.
-paul
Re: (Score:3, Interesting)
Since this rant, google has actually gone IPv6 for IPv6 ready ISPs.
http://www.google.com/intl/en/ipv6/ [google.com]
By no means is the internet IPv6 friendly, and a lot of the points Dan makes are good ones, but he fails to offer any solutions either.
Re: (Score:3, Informative)
He is basically dead right.
Umm, about what? He trots out a bunch of hypothetical problems that people have been cheerfully ignoring because they don't manifest in reality. IPv6 is here and working today, even if Dan didn't want to believe it possible.
Re: (Score:3, Insightful)
They do manifest in reality: They are why I don't have an IPv6 address: It's to much work for too little benefit. It can be worked around, but it's just more work, and wouldn't really get me anything.
Basically all he is saying is 'accept an IPv4 address as an IPv6 address'. Which would mean that 'upgrading' would be as simple as getting software that can handle being sent IPv6 addresses. (Which basically everyone's already got at this point.)
Instead at the current situation you have to figure out how and
Re: (Score:3, Insightful)
Grandma will upgrade to IPv6 when her ISP says your modem needs to be replaced or they have a tech swap her cable modem. The layman argument does not hold water in every situation. Most laymen will plug in their new IPv6 router and not even configure a password, let alone worry about routing tables, etc.
That's like saying grandma can't change her own brake pads, so we'll just let her grind her rotors down. Grandma will just goto a mechanic or in this case, her ISP which is staffed with NETWORK ENGINEERS. It
Re:IpV6 reality check (Score:4, Informative)
So, in the current situation, everyone who switches to IPv6 needs to be a network engineer.
That's bull. End users don't need to know or do anything. At this point, all we really need is for ISPs to provide IPv6 and the rest will happen without users doing -- or knowing -- a thing.
Yes, the network works, but there is no decent upgrade plan.
Also crap. The upgrade plan is for IPv4 and IPv6 to coexist for a few years. Users deal with DNS names, not IP addresses, and applications and resolvers already transparently look for both AAAA and A records and use the AAAA records if available. All of the major OSes have solid IPv6 support in place -- if you don't believe me, install a radvd server on your home network and notice how *instantly* all the machines on your LAN have IPv6 addresses (heck, they all have link-local addresses now) right next to their IPv4 addresses. Of course, if your ISP set up support for IPv6, you wouldn't have to do anything.
The only reason that IPv6 won't currently work for most people even if their ISPs support it is that their current NATing router appliances don't support it properly. But if ISPs implemented v6 support, Linksys, D-Link, etc. would start rolling out devices with proper IPv6 in their firmware. With enough users on the v6 network, web site admins, etc., would add v6 support and AAAA DNS records, which the v6-enabled users would instantly (and transparently) begin using.
The transition plan is solid, and works very well in practice (as you can verify by using Hurricane Electric or another v6 tunnel provider). What's lacking is the ISP motivation, and being able to use a v4 address as a v6 address wouldn't change that at all.
Parent
Re: (Score:3, Insightful)
Really? Ok, then. I have a Linux box connected to a Netgear router providing NATted connections, itself connected to a cable modem that goes out to Comcast, who provides my pipe and is my ISP. Comcast ISP, by the way, does not support IPv6. If IPv6 is here and working today, I should be able to use it. How do I do that?
If you can't tell me how, than Dan's "hypothetical problems" are very real indeed.
As far as I can tell, what people have been "cheerfully ignoring" is IPv6.
Re: (Score:3, Informative)
Re:IpV6 reality check (Score:5, Insightful)
The people who came up with IPv6 seemed to be too ivory tower: they forgot about
the reality on the ground. Few ISPs are even thinking about IPv6.
Amen to that. But I don't see an academic angle so much as an ILEC angle i.e., IPv6 is being handicapped by large telcos, large ISPs, legacy netblock owners and their proxies in order to drive up fees for IPv4 addresses. The threads on new fee structures, in mailing lists like arin-ppml, make this obscenely clear. IPv4 netblock owners are salivating over the potential for profit from what should be a public resource.
Only thing more disappointing than ARIN's failure to either reclaim unused IPv4 netblocks (and there are plenty of those, both large and small) or speed the adoption of IPv6 is the DOC and FCC's failure to foresee the damage, both economic and to communications, which the coming address shortage will cause.
Parent
IPv6 is the protocol of the future (Score:5, Funny)
...and always will be!
thank the US government (Score:3, Informative)
US government contracts are starting to require IPv6 support. This is the main reason I'm seeing for IPv6 adoption. If it weren't for the government, we would all be keeping our heads in the sand until the internet starts slowly failing and Goldman Sachs starts selling remaining IPv4 netblocks to speculators.
Re:thank the US government (Score:4, Insightful)
And that's what they're getting: IPv6 support. You're getting set ups that *could* run IPv6. They don't, but they could.
Parent
Current deadline, in case anyone's interested (Score:3, Informative)
"As of April 2008, predictions of exhaustion date of the unallocated IANA pool seem to converge to between February 2010 and May 2011"
Re: (Score:2, Interesting)
Does that take into account universities and large companies giving back all the class A ip addresses they have that were initially given out back in the day?
(I'm genuinely asking, I don't know)
Re: (Score:3, Interesting)
Problem with that prediction is it's bollocks.
The potaroo exhaustion counter that these dates come from hasn't changed significantly in the last year that I've been following it. It dips somethimes to 650 days or so, then climbs over 1000 days sometimes.. but the average stays around the 700 mark.
If the prediction had been remotely accurate when it said 700 last year it should be at around 350 this year, and it just isn't.
Readiness test checklist (Score:4, Insightful)
OK, here's a handy checklist to see if IPv6 is ready for prime time:
Use case: access a common web site (e.g. Slashdot) entirely by IPv6 packets: .org DNS server): CHECK .org DNS node via IPv6 packets (lookup slashdot.org address): ???
1) Look up host's IP via IPv6 packets:
1a) Access a root DNS node via IPv6 packets (look up
1b) Access
2) Access slashdot.org via IPv6 packets:
2a) Route IPv6 packets from my computer to "the Internet": FAIL
2b) Route IPv6 packets from "the Internet" to Co-Lo facility: ???
2c) Route IPv6 packets within the Co-Lo to Slashdot's servers: ???
When you (a presumably technically skilled user) can do that, then IPv6 is ready for the masses.
Re: (Score:3, Informative)
1B)
% dig any org @a.root-servers.net
; > DiG 9.7.0a2 > any org @a.root-servers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER- opcode: QUERY, status: NOERROR, id: 4577 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;org. IN ANY ;; AUTHORITY SECTION:
org. 172800 IN NS B2.ORG.AFILIAS-NST.org.
org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
org.
Re:Readiness test checklist (Score:4, Interesting)
I can do everything in your list just fine -- if you pick a web site that actually supports v6. There is no AAAA record for slashdot.org. Were Slashdot to configure their servers for IPv6 and add appropriate AAAA records, then it would be reachable. Of course, most sites don't bother with v6 support, because few users have v6 addresses, which is because most ISPs don't support v6.
When the ISPs move, everything else will follow.
Parent
What, again? (Score:5, Funny)
2002 called. They want their impending-IPv6-transition stories back.
The thing that gets me... (Score:4, Interesting)
...is that even new devices don't support IPv6, even when they're in entirely controlled address spaces.
For example, why the hell don't, for example, cell phones internet capabilities have IPv6? I mean the IPv6 routing would seem exactly designed for cell phones, devices external to the network don't need to reach them, and it's a frickin closed system with device upgrades fairly quickly. If we can't even use IPv6 in closed systems like that, it has failed.
The reason, of course, is because IPv6 is, in fact, an EPIC FAIL in actually working, because no one apparently bothered to figure out any sort of actual transition for it.
It's like, if instead of self-driving cars, they invented self-driving micro-monorails and expected us to buy them. But, don't worry, they have a handy monorail carrying rack we can install on top of our car that not that hard to set up so we can carry our monorail to the monorail tracks fifty miles away.
D. J. Bernstein is an ass, but he's right about this.
IPv6 should have been built by changing the damn format of the packets, but using the exact same IPv4 addresses with a specific prefix, routed exactly the same place. Any router that talked to devices that didn't understand IPv6 could just 'dumb it down' to IPv4, and, they should eventually do the same in reverse!
We could actually include a bit in the packet that upconverted IPv6 packets get, so we could keep statistics on how many packets were IPv6 their entire distance, and how many got converted down and back up at some point. So we could see what networks are actually switching out their equipment, and see what misconfigured gear thinks it's talking to IPv4 devices when it's talking to IPv6, so it needlessly converting. (IEEE 802.2 specifics a way to autonegotiate IPv4 or IPv6 using the EtherType, but it might not always work, and it's only for Ethernet anyway.)
At some point, as routers and OSes got replaced, large amounts of traffic on the internet would end up being IPv6 their entire distance, and at that point we can start assigning the IPv6 addresses that don't have a equivalent IPv4 one.
And, incidentally, we should keep the IPv4 network operational forever. 95% of the people can give their IPv4 addresses back, and as people stop connecting IPv4 devices, routers and whatnot will lose the ability to speak to them but there will still be some devices that cannot be upgraded, some embedded device that speaks only IPv4 or whatever. The company should be able to keep an IPv4 address, and require people to install one of the routers that can still upconvert in front of the device, and it gets routed over the internet and back just like anything else, because, for almost all the trip, it's IPv6. There would be no reason to ever turn off the subset of IPv6 that is IPv4.
Instead we invented a new fucking network that doesn't interact with IPv4 at all. Yes, yes, you can get IPv6 versions of IPv4 addresses, but routers and OSes do not automatically translate them. And it's actually against the rules for someone to try to contact a IPv4 server 'over' IPv6. They have to use their IPv4 address, like there should be a difference.
Previous address expansions (Score:4, Interesting)
IPv6 should have been built by changing the damn format of the packets, but using the exact same IPv4 addresses with a specific prefix, routed exactly the same place.
Yes, that's what was done the last two times the address space was upgraded.
When ARPANET IMP addresses went from one byte to two bytes, to allow the number of nodes to increase beyond 256, the old addresses retained their 8-bit value, with a new prefix.
When the ARPANET was extended to the Internet, the two byte IMP address was the low two octets of the IP address, and the first two octets were 10 and 0, so IMP addresses converted to IP addresses as [10.0.xxx.xxx]. And that's where "network 10" came from. When the ARPANET went down, it freed up that address space for other uses.
But we have DNS now.
Parent
try it tonight (Score:5, Informative)
Ok kids. Go home tonight and turn ipv6 on. I know you're all running homebrew linux nat routers.
Here's all you gotta do.
Install radvd. It's a Router Advertisement server. Router Advertisements are how your LAN clients learn what the hell their IPv6 "prefix" is. You're going to use something clever called 6to4, which basically converts your public ipv4 address into the first half of your ipv6 address. You plug that information into your radvd configuration, and voila, all your LAN clients can learn their unique global ipv6 address. Then you just run a little script, which turns up the 6to4 tunnel on your linux nat, and all of a sudden, all your LAN clients have globally routable ipv6 addresses! And once the v6 stack fires up, your computers will try resolving AAAA records, so you might even get to visit some v6 websites!
You're not strictly running native ipv6, since 6to4 is a tunnel to an anycast server (dont worry, there's plenty of them sharing the same address). It emulates pretty damned close though. Enough for you to try it out!
Here's the thing that keeps blowing my mind. Remember back before NAT? The Internet was actually symmetrical back then. Any host could contact any host. Well, it's restored. I keep forgetting I can literally contact ANY lan host from remotely, using its v6 address. Security nightmare? You betcha. Restored services? Makes up for it! Maybe I can figure out what a firewall is, after all!
Sure, there's tunnel brokers out there too... don't waste your time with all that. 6to4 is quick and easy, and it works fairly faithfully. By the time a tunnel broker OKs your info, you could be pinging already with 6to4.
Oh yeah. That malarkey about "ooh my address is so long, it's just not worth it" -- My address is 2002:xxxx:xxxx::1 through ::5. Also, a few weeks ago they released an interesting workaround to memorizing ip addresses, called "The DNS". As ominous as that sounds, it's actually pretty clever and I've been enjoying it for a while.
And yes, ::1 is easily guessable and that makes it hackable. So please, no nmapping the 2002:xxxx/32 subnet tonight. (At the rate of 2^96 pings per second, it should be done by next century)
Re:try it tonight (Score:5, Informative)
here's one way of setting a 6to4 tunnel up. i squished some semicolons in cause it's pasting funny.
#!/bin/bash
# Create a 6to4 tunnel in linux.
if [ $# -eq 0 ]
then
echo "Usage: $0 [delete]";
exit;
fi;
ipv4=$(ifconfig $1|grep "inet addr:"|awk '{print $2}'|awk -F: '{print $2}');
ipv6=$(printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`);
echo "ipv4 address: ${ipv4}";
echo "ipv6 address: $ipv6";
if [ "$2" = "delete" ] /sbin/ip link set dev tun6to4 down /sbin/ip -6 route flush dev tun6to4 /sbin/ip tunnel del tun6to4 /sbin/ip tunnel add tun6to4 mode sit ttl 255 remote any local ${ipv4}; /sbin/ip link set dev tun6to4 up; /sbin/ip -6 addr add ${ipv6}/16 dev tun6to4; /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1;
then
echo "IPv6 tunnel has been deleted."
exit
fi;
if ping6 -c 1 he.net 2>&1 1>/dev/null
then
echo "Verified IPv6 connectivity.";
else
echo "Can't ping IPv6 network.";
fi;
Parent
Re:try it tonight (Score:4, Informative)
For those without a Linux router:
sudo aptitude install miredo
sudo invoke-rc.d miredo start
ping6 -nc 1 ipv6.google.com
PING ipv6.google.com(2001:4860:a005::68) 56 data bytes
64 bytes from 2001:4860:a005::68: icmp_seq=1 ttl=58 time=29.9 ms
lynx --dump http://ipv6.whatismyv6.com/ [whatismyv6.com] | head -n 5
This page shows your IPv6 and/or IPv4 address
You are connecting with an IPv6 Address of:
2001:0:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
Parent
Re: (Score:3, Informative)
Teredo isn't 6to4.
It works through NAT, which actually makes it even easier to use than 6to4. Thanks for pointing it out! 6to4 is more of a site tool, and Teredo is a client tool.
A pack of Luddites, honestly! (Score:5, Insightful)
Every time something on IPv6 comes out, there's a thundering herd of people who've never used it but are certain that it's awful and won't ever work. What's wrong with you people? Do you feel threatened because you're used to being the networking expert among your clique and don't want to lose that reputation? If not that, then what is it that's making you sneer at a cool new technology without even trying it first?
I'm not addressing people who tried to make IPv6 work but had problems along the way, or who otherwise had bad experiences with it. That's totally understandable and I'm not going to tell such a person that they're wrong. I am talking directly to the people who've read old articles talking about why it won't work, or who are trotting out the same tired, invalid reasons to dislike it.
Here's what you need to know about IPv6:
I think that about covers it. There's no reason to be afraid of IPv6. If you haven't tried it, give it a shot before bragging about how smart you are for recognizing that it can't work. Again, if you've tried it and had problems, I can understand why you're leery of the idea. If you haven't at least used a free tunnel to see what IPv6 is like, though, then you don't have a lot of room to comment on the subject.
I am excited. (Score:3, Funny)
I can't wait for the day I get home from work in my flying electric car to play Duke Nukem Forever against my friends over my new IPV6 connection.
Re: (Score:3, Informative)
Apple's market share for routers is tiny compared to Netgear and Linksys. I'm one of the 8% or so of people who uses a Mac, but it talks to a Netgear router.