Comcast Begins Native IPv6 Deployment To End Users

First time accepted submitter Daaelarius writes "Comcast has begun deployment of Native IPv6 access to end users. The deployment is starting out small with a single market, but is expected to expand rapidly. They have provided ... more in depth technical details." Finally; native dual-stack IPv6 for home customers. Perhaps we can avoid a post-exhaustion future of NAT-upon-NAT and use restrictions.

Re:Yeah right

[BlueParrot]

People underestimate the address space in IPv6 when they make remarks like this.

In principle IPv6 could hold more than 10^38 addresses. Now due to structuring and various reservations and so on there is considerably fewer. So for the sake of argument, let's say it is "only" 10^20. That's still enough that for every present IPv4 address you could add an entire internet and still have addresses left over.

What this means is that even if ISPs were incredibly wasteful and basically trashed 99.9% of the address space due to bad practices, you'd still have millions of addresses for every person in the world.

Re:So, as an end user...

[tuffy]

The idea is that the end user is still going to keep all his devices behind a firewall so everybody on the internet can't probe them. But since your toaster has its own actual address, it can connect directly to the Online Toasting Database server without having to kludge all that traffic through a NAT.

Re:Yeah right

[digitalsushi]

http://www6.ietf.org/rfc/rfc3315.txt [ietf.org]

Autoconf currently doesn't assign a prefix delegation.

Comment removed

[account_deleted]

Comment removed based on user account deletion

No, I don't.

[khasim]

You confuse NAT with Firewall.

No, I don't. And you probably mean PAT, not NAT.

IPv6 still needs a firewall, which will be done by the same device that currently does your NAT and firewall. Why would that change?

No it does not. The same as IPv4 does not require a firewall.

But, many end-users purchase an EXTERNAL firewall in order to get the PAT functionality so that they can run multiple devices (and wireless) on the single IP address that their ISP provides them.

So, in order for them to overcome the limitations of IPv4 (fewer IP addresses) they, inadvertently, purchase a firewall that improves their security.

Why, did your current router come pre-configured to forward all of your ports to random inside IPs without you directing it to do so?
No?

I have no idea what you're thinking of.

Then why would an IPv6 firewall allow in a single packet from the Internet without you specifically directing it to?
It won't.

Again, because with IPv6 there is no need for the ISP to limit the end-user to a single IP address. So the end-user can purchase different devices (such as a switch with a wireless bridge) that would allow the same PERCEIVED functionality with IPv6 as they get with IPv4 and a firewall/PAT device today.

Globally routable does NOT mean you are forced to globally route anything. It makes it an Option, fully under your control. An option you typically never have right now, want it or not.

And the point being that the end-user does NOT understand that TODAY. And cannot be expected to understand it when Comcast rolls out IPv6.

Having globally routable addresses means that if the end-user's home network is mis-configured from a security stand-point, their devices could still "work" from the perspective of the end-user. They would still be able to access the Internet.

Right now, with IPv4, that is less likely for the end-user.