IPv6 Still Hotly Debated
inkslinger77 writes "A significant stumbling block to IPv6 adoption may be IPv4 loyalists who are keen to keep the old protocol in preference to the 'new improved' version, according to a Computerworld Australia article. The article covers the views of Cisco's senior technical leader for IPv6 technologies, Tony Hain and Geoff Huston, a senior Internet research scientist from Asia Pacific Network Information Centre (Apnic)." From the article: "Go to your favourite venture capitalist and say 'I want to be an ISP'. By the time he stops laughing and [finds you want to run] IPv6 - the discussion gets terminated. No one wants to hear this. IPv6 is well ahead of adoption in this market so everyone is deferring. No one is running IPv6, because there is no business case for it ... if we really wanted to leave a legacy to our children we'd review the crap we have today which is pretty ghastly ..."
Me too (Score:4, Insightful)
But assuming we really do need more IPs, why IPv6? Why 128 bits instead of, say, 64? Why build the functionality of DHCP, which (mostly) works perfectly well* and is extensible enough to support cool stuff that hadn't been thought of when IPv4 and DHCP were invented (e.g. WPAD, netbooting), into IP? What's the deal with including your MAC address as part of your IP address?
Going with the assumption that the problem really is as bad as people say it is (China has a gazillion people and more of them are getting online, and it'd be great if my refrigerator had a web-based interface I could access remotely without setting up port forwarding or a VPN, etc.)... I'm not convinced that IPv6 is the right solution to the problem. It just seems to be the only solution anyone has offered, and a lot of money has been spent bringing it closer to reality.
So, convince me: why is IPv6 the right answer to the problem?
Re:Me too (Score:3, Informative)
Exactly what I'm asking. From wikipedia:
The primary change from IPv4 to IPv6 is the length of network addresses, with IPv6 addresses being 128 bits long (as defined by RFC 2373 and RFC 2374). This corresponds to 32 hexadecimal digits, which are normally used when writing IPv6 addresses. Each hexadecimal digit can take 16 values (see combinatorics), resulting in a total of 16^32 (340 undecillion) addresses. IPv6 addresses are usually composed of two logical parts: a
Re:Me too (Score:5, Insightful)
Re:Me too (Score:2, Funny)
Re:Me too (Score:2)
"You realize IPv6 has more IP's than there are atoms in the universe, right?"
Surely if we have more IPs than it is possible to need (unless for some reason you want to give them to individual particles, which I doubt) it's been done right as we'll *never* run out, instead of finding in 2100 we have to do this all over again?
Re:Me too (Score:5, Informative)
Re:Me too (Score:3, Informative)
Quick math at the moment, if everything in my house that could conceivably use IP addressing does so, then that's (In whatever order they spring to mind)
6 PCs, 3 Laptops, 4 TVs, 2 Fridges, 1 Microwave, 2 Kettles, 1 Espresso Machine, 2 Toilets, 1 Shower, 1 Bath, 1 Boiler, 9 Light fittings, 10 Light switches, 2 DVD players, 1 DVR, 1 Video player, 2 CD players, 2 Radios, 4 Speaker systems, 1 Cooker, 1 Dishwasher, 1 Washing machine, 2 Outdoor lights, 1 Fishtank, 4 Mobile phones,
Re:Me too (Score:5, Interesting)
Just think of all these worms scanning blocks of IP addresses somewhat randomly for vulnerable machines. It's a target rich environment.
Now imagine that we were using IPv6 instead. With a random approach to scanning, many of those worms would take years before they happened to locate an actual computer.
Of course, those writing the worms would have to switch to non-random techniques. But someone who is reasonably careful (i.e. didn't use Internet Exploder and Outhouse Express), they could have a system wide open to exploitation without it ever being exploited.
Re:Me too (Score:3, Insightful)
Re:Me too (Score:3, Informative)
Re:Me too (Score:3, Informative)
Re:Me too (Score:5, Insightful)
I hate that phrase. While true, it is very misleading since obscurity does contribute to security.
It should be "Security by obscurity is not the TOTAL answer."
Security by obscurity is a necessary and vital part of security. By reducing the likelihood of computers being randomly attacked over the Internet, there would be an increase in security. It would not provide absolute security, but it would help.
If you think about it, when you use passwords, you are using security by obscurity.
For that matter, when you use a public key that is the product of two very large primes, you are using security by obscurity. With increases in techniques and hardware, that obscurity is greatly reduced over time and the security suffers.
Re:Me too (Score:3, Funny)
Re:Me too (Score:4, Interesting)
If there are 1 trillion people in the world and each of them is assigned 1 trillion new IPv6 addresses every day, it will take over 931 billion years to use up all of the possible addresses.
3.4 x 10^38 / (10^12 x 10^12 x 365) = 9.315 x 10^11
By comparison, the sun might swallow the Earth [nasa.gov] in 4 to 5 billion years.
Re:Me too (Score:2)
And then it calls for 64 bit host address space, meaning there can be as many computers in your network as there are networks in the world. Convenient, but complete overkill as it lacks the ability to personally manage your host network address space with a memorizable number. Though actually I believe recent versions do allow personal host addressing.. it's still overkill.
Re:Me too (Score:4, Insightful)
Re:Me too (Score:5, Insightful)
There's no reason why using IPv6 with a firewall wouldn't be just as -- and probably more -- secure. Especially because you wouldn't have to spend time configuring the NAT functionality and could instead configure it as a single-purpose stateful firewall.
It is possible -- although you probably wouldn't want to -- to create a situation using static NAT without any firewalling effect that leaves your computer just as open to attack as it would sitting on the public net. Likewise it's possible to assign every computer on a LAN a globally routable IP address and secure them using a properly designed firewall (that's actually how my company is set up).
If your comment had just said you didn't want your fridge and toaster exposed to the internet without your trusty Linux firewall between it and the internet, I would heartily agree. Although I don't doubt some would argue for you about choosing Linux over BSD.
Re:Me too (Score:3, Insightful)
My real point is though, If you have a device like your toaster on the internet, and it's vulnerable to an attack that a firewall fixes, the problem is with your toaster, not the internet. That whole example is totally weak.
Why do you want to connect your toaster to the internet, so that you can connect to it, right? Or make connections out from the toaster. Either way, you need port
Re:Me too (Score:3, Informative)
Site-Local scoped addresses (FEC0::/10) have been deprecated as of September 2004 (see RFC3879).
Re:IPv6 is good, but so is NAT (Score:4, Insightful)
**You have missed the point entirely**
Forcing everyone back into the bureaucratic process is exactly what the designers want to do. Imagine how much less money would be made by cell phone companies if you could pick up any phone and it would automatically choose a phone number, then register your name with a decentralized directory so anyone who wanted to reach you could. Instead, you have to pay that $50 activation fee, plus a sizable portion of every month's cell phone bill, just for the privilege of being told when and where you can make telephone calls. That is the ideal that our IPv6 overlords are shooting for. I for one welcome them.
IPv6 and NAT (Score:3, Interesting)
It's supposed to be Overkill (Score:5, Insightful)
The previous poster asked Why 128 bits instead of, say, 64?
The amount of work required to jump to 64 bit addressing or 128 bit addressing is identical. Since you're going to have to re-write everything anyway, you may as well figure in a ridiculously large address space, because not doing so saves you nothing.
Additionally, the routing table saving offered cannot be understated. With huge swaths of contiguous address space, you can (hypothetically) represent an entire continent as a single aggregated routing entry (The more granular routing information would only be seen locally.), and the number of unique addresses within that range would be virtually inexhaustible.
Overkill is a good thing when it doesn't cost you anything.
Not me too (Score:4, Insightful)
It's 128 bits instead of 64 so we don't have to go through this again in five years.
Remember, the Internet *core* used to run over 56kb/s lines -- the same speed as those $20 modems that individuals are throwing away by the basketful today because they're unbearably slow for *personal* use. It's *hard* to plan well for that kind of growth. Better to waste a couple of bits than have to waste the whole thing and do it over.
Re:Me too (Score:2)
There is nothing in the protocol that says you can't run multiple IP subnets over the same physical wires, and in fact I do it all the time.
Re:Me too (Score:2)
Just to clarify, I have no trouble running two subnets on the same physical LAN, the problem is using DHCP on both subnets. Let's say we have a "private" subnet and a "public" subnet. I've got a database of known MAC addresses, from which I build dhcpd.conf. If I get a DHCP request from a computer with a known MAC, I want to assign it a static IP address on the "priv
Scalability. (Score:2)
As for your ISC DHCP problem, you can assign whatever address blocks you want to. You just need to set up the correct criteria and have a way to recognize it. The easiest way is to assign one block to particular MACs and a different block to regular boxes.
Re:Scalability. (Score:2)
If you mean two different ranges within the same subnet, that's what I eventually wound up doing, but I couldn't get it to work with two different subnets. See my reply here. [slashdot.org]
Don't use a virtual adapter. (Score:2)
But a secondary address should be able to handle it as the initial request will go to the primary address, an address will be issued, and future updates will be seen on that same card, but via the secondary address.
Re:Me too (Score:5, Insightful)
Problems with IPV6 (Score:2)
http://cr.yp.to/djbdns/ipv6mess.html [cr.yp.to]
IPV6 is being led by fools that are convinced that IPV6 is solely "a matter of time". Fact is, they have no transition plan, and until they do, they're going to continue to get laughed at.
I have recommended on numerous occasions that the simplest solution is to freeze the IANA and require TCP and UDP services publish their ports i
Re:Me too (Score:2)
It works, it is the only solution anyone has offered that isn't a kludge like NAT (which is problematic to say the very least) and it is probably sufficiently large that we will not run into address shortages unless we develop faster-than-light communications and colonize other planets and/or systems.
There's no part
Are we ready to surrender anonymity on the net? (Score:4, Insightful)
Yeah this looks like a serious privacy issue that most people haven't woken up to yet.
A MAC address is (usually) a globally unique identifier. How long before someone big builds a database relating MAC to user identity (Microsoft, your ISP, law enforcement, whoever).
At that point, no matter where you connect your laptop from, your traffic can be identified as yours. Be it for the purpose of advertising, tracing communication, or other data mining.
So the question is, are we ready and willing to surrender anonymity on the net?
Re:Are we ready to surrender anonymity on the net? (Score:4, Insightful)
1) With a static IP, especially if you have a DNS name to go along with it, you leave just as big of a footprint, if not more. (Since I've only got the one directly addressable IP, I might as well get a name to go with it, right? And then use something like DynDNS? Well, unless I register by proxy, I have to give my name, address, phone, etc...)
2) MAC address, while theoretically static, can easily be changed in most OSes and hardware. For example, my LinkSys router has an option to "clone MAC address" in the setup. The problem with changing your MAC address is that the prefixes indicate the vendor, and that might get you in trouble with someone who "owns" that prefix. (I doubt it though)
3) There is nothing preventing you from NAT'ing IPv6, and I suspect some people probably will simply for the quasi-deny-all-in firewall effect. Moreover, if you really want to be anonymous, IPv6 makes it much easier to implement things like "onion routing" because it's a lot easier for individuals to set up persistent servers.
The point is, you can control the "MAC" portion of the address, and the "public" portion is just as visible (or not) as with IPv4. Hell, you could change your MAC address every coupla minutes for a REALLY long time without ever repeating one if that's what you wanted. (Persistent connections be damned...)
No, they aren't. (Score:3, Informative)
No, they aren't. IP packets are encapsulated in ethernet packets for local hops. Ethernet packets contain the mac address in the header, but these aren't delivered end-to-end unless both ends of a connection are in the same subnet.
In IPv6, it is envisioned that machines could use their mac address for the last 48 bits of their IP address so that they can claim a unique address within a subnet without a dhcp request, but this is only one possible convention. The
Re:Me too (Score:2)
Of course the request is broadcast everywhere, and running two DHCP servers on the same physical LAN can't work. I only want to run one DHCP server, and have it assign IPs on different subnets depending on MAC.
You can use VLAN aware equipment and OS and have isc-dhcp listen on the two vlan NICs.
This has been suggested to me. In this particular case, I don't have any VLAN switche
Re:Me too (Score:2)
This isn't the only way to approach addressing in ipv6, but yeah, it is one.
Something I don't get... (Score:3, Interesting)
Yes, ipv6 still has a ways to go, but I honestly think it's a much better alternative than sticking with what we've got. We're going to have to do something about it anyway, since there are plenty of people already starting to use it, or will be in the future.
Re:Something I don't get... (Score:4, Insightful)
Re:Something I don't get... (Score:5, Insightful)
I am sick of this argument. (Score:2)
- Having direct connections to the web for each terminal is more expensive than having them all behind the NAT
- You can't trust your employees to keep a secure environment
Thus, corporations have no need or desire to have all their terminals directly connected to the internet. Thus, they don't need IPv6. Thus, the va
Re:I am sick of this argument. (Score:2)
They'd all still go through a IPV6 Router replacing the NAT box. So you replace one piece of equipment, but the rest (LAN + computers) is identical.
"- You can't trust your employees to keep a secure environment"
Then get one which only admins can configure.
No, wrong. (Score:3, Informative)
Lots of companies which are big enough to have their own Class-A allocations assign all of their clients globally routable addresses. I can tell you this from personal experience.
They don't use personal firewalls, obviously, and I have no idea why you think this is related. Using a personal firewall at the client level has nothing to do with IP address allocation or NAT. You can assig
Two reasons. (Score:3, Insightful)
#2. Cheap and easy way to block worms and such.
Re:Two reasons. (Score:4, Insightful)
#1 is nothing but a direct consequence of the current shortage of IPv4 addresses. Under IPv6, there'd be no reason why every device on your network couldn't get a separate "real" address. The way they're handed out -- using a hierarchy instead of finite blocks -- would allow your ISP to let your home DHCP router hand out globally addressable IPs if it was set up correctly. Assuming your ISP doesn't suck, that is, and that's really not the fault of the IP system, one way or the other.
#2 is pretty frightening, because it shows a misunderstanding of what NAT is and a certain amount of laziness about security in general. That said, there's no reason why you couldn't get a 'firewall in a box' that would provide just as much (or as little) security without the NAT facility. It's just that right now when you go and buy a "home firewall" from Linksys, it almost always includes NAT by default (because of point #1, the pressure by ISPs on home users to only have one IP address due to limited supply). There's no reason why this needs to be true, however, and the security comes from the firewall effect and not the address translation itself.
Re:Something I don't get... (Score:2)
1) Most default NAT configs will actually prevent internal networks from the trivial overflows that just scan IP address blocks.
2) Most default NAT configs will work with existing or very inexpensive gear, meaning there's almost no cost involved (other than 'time').
3) NAT doesn't require renumbering existing services.
4) NAT allows conservation of IPV4 at a corporate level; a
Here's a better question for you (Score:2)
What is wrong with having to go through a VPN login procedure to access these types of services? What's the big deal? You log into the NAT
Re:Here's a better question for you (Score:2, Interesting)
It's a matter of people saying "but I don't want to change!"
I'm excited that I could have a chance to reserve a person IP range for myself. I'm excited that the cost of IP addresses would fall because they are no longer a commodity. Why can't we realize that this gives
"IPv4 loyalists" (Score:5, Insightful)
Re:"IPv4 loyalists" (Score:5, Insightful)
The real question though is "Do we really want to wait until the old system finally breaks and nothing works anymore before making the change?". The old system still works, but we know it won't work forever, and we know we need to change it. Why wait till it breaks?
(Obligatory car analogy) When you put gas in your car, there's still gas left in it, so it can still work. Yet you don't wait till you go dry to put some more gas in.
Hope you're not an aircraft mechanic. (Score:3, Insightful)
your car in for complete engine rebuild if the engine is running fine.
While this may be true for your car, it's definitely not true of a helicopter, or a generator at a power plant, or any other important piece of machinery.
Would you still fly on an airline if that was their attitude towards maintenance? "Nah, we're not going to tear down that turbine...it hasn't failed yet!"
I think perhaps you should reevaluate the importance of the Internet to our society
Re:"IPv4 loyalists" (Score:5, Interesting)
All told, I'm not convinced that there are that many people who genuinely have "no reason" to shift to the new system. All I am convinced of, so far, is that there are plenty of people who have absolutely no reasons at all but plenty of excuses. Let's look at something, here. Say Comcast converted its entire cable network to IPv6, would you care or even notice? Probably not. Their routers hide their network from your computers, so your computers wouldn't see the difference. It would be
Re:"IPv4 loyalists" (Score:3, Informative)
Security: IPv6 mandates IPSec (which encrypts ALL streams, ALL of the time, so contextual information can't be used for cracking as it can with SSH or SSL streams, which are generally only used for specific segments of a transaction).
Overrated. IPv6 mandates IPSec support, but it's still an overengineered protocol that's a bitch to configure. Works okay for VPN-like scenarios, but will never work with random hosts you've never talked to before.
Authentication: X.509 within IPSec and the use of
Re:"IPv4 loyalists" (Score:3, Informative)
It's called DHCP Prefix Delegation. I might as well explain how it works.
Right now the ISP is granted a block of addresses and they assign one of those to the end user. The end user setups a NAT firewall/rou
Peer routing (Score:3, Informative)
The topology [elmundo.es] helps, as the IPv6 backbone developers have realized you can't have a horrible design and expect it to work.
The problem is not with customers of a peered network (as their pr
Re:"IPv4 loyalists" (Score:3, Interesting)
who the hell uses GRE for tunneling any more??
*ahem* no comment
there are no websites on it
There are starting to be more and more websites with dual v4/v6 addresses. You notice it more once you start using IPv6 all the time, because there are a lot of broken systems where the site admin
What's in a name? (Score:2, Funny)
Maybe it will be IPv7 by the time it's adopted.
Better yet, why not name it IPv2005, so everyone will have to take it up by the end of the year lest they be left behind? Sure sounds better than IPvXP or IPvVista, doesn't it?
Average people (Score:2)
One Reason Alone is Enough (Score:5, Insightful)
I, for one, will welcome the end of the NAT kludge.
Re:One Reason Alone is Enough (Score:3, Insightful)
I, for one, will welcome the end of the NAT kludge.
And your ISP will charge you for each Address you use!
NAT lets you use ONE IP from your ISP and have as many Internal IPs as you wish without being gouged.
Re:One Reason Alone is Enough (Score:2)
Re:One Reason Alone is Enough (Score:2, Interesting)
Re:One Reason Alone is Enough (Score:2, Insightful)
Re:One Reason Alone is Enough (Score:3, Insightful)
The ISP problem is one of artificial scarcity, which is exactly what IPv6 relieves. The only reason they charge in the first place is that IP's really are a limited commodity,
Re:One Reason Alone is Enough (Score:2)
You know that one of the working assumptions of IPv6 is that your ISP can change your netblock prefix at any time, right?
Reasons to use NAT (Score:2, Insightful)
Even if the cable and dsl companies all switched over to IP6, and there were $50 routers and switches available, there is still reason to use NAT.
Re:Reasons to use NAT (Score:3, Informative)
All the ISPs I've found charge *per month* per IP for *zero* effort - it's just a cash cow. IPV6 won't change that... they'll charge you per month for a block of 256 or something instead. Then change their TOS so you're not allowed to run servers (if they haven't already).
All this is academic... IPV6 has been around for years and not a single ISP has shown any i
Re:One Reason Alone is Enough (Score:3, Insightful)
Re:One Reason Alone is Enough (Score:3, Insightful)
NAT and simple port forwarding for those rare hosted services are all that 99.5% of the population needs. ISPs and businesses are all different. But even probably 80% of the businesses I deal with, NAT with NO port forwarding works just fine.
Of course if you are allowed and able, running a mail server at home is fun.
But get serious, NAT is an effective firewall for most people. Just like the random Ch
Market Forces (Score:5, Insightful)
Are we really running out of IPv4 numbers? The market will tell us.
Is there a killer app for IPv6? The market will tell us.
Can we ram IPv6 down everyone's throat? The market will retaliate and hit back.
BTW - what's with this "won't somebody please think of the children" bullshit about? If we need to get to IPv6 - we'll get to it - relax already!
Market? Or cynical manipulation? (Score:5, Insightful)
In other words, by keeping IPv4, we can sell NAT boxes (which we're already selling in huge numbers.. the wireless network hub in my den is a prime example.) Cisco has a big investment in building hardware to take care of IP space limitations.
"You will still be able to get addresses, if you pay for them, because a market will appear."
In other words, this damned internet isn't making us enough money, because IP addresses are free. We want people to start trading them, so we can get commissions on the sales.
It's clear that this is "good business" for the big internet companies: why invest in a new system that will make users' lives cheaper and easier when we can continue to sell patches on the old stuff, and make a market so that we can start charging the freeloaders?
It's also clear to me that the only way IPv6 will get adopted is if public bodies start using them and demanding their use. For instance, if Internet2, the US military, or all of
I'm no expert, but to my cynical eye it looks not like market forces, but like the usual problems with capitalism exploiting a local maximum and avoiding short-term risk.
----Nathaniel
Patents (Score:3, Informative)
Nobody will say that in public because the US doesn't like industries apparently conspiring together against a patent holder but you will hear it in private.
Re:Market Forces (Score:3, Informative)
However, it's been clear ever since IPv6 was i
obligatory (Score:2)
Nobody likes to do an IP renumbering, but why forego progress to preserve the status quo? We already use IPv6 for internal stuff, but since there's little adoption, it isn't more than a novelty. I hope that with the explosion of embedded systems, we'll start to see more folks interested in adopting IPv6.
Three Items: Vista, Home Automation, and Search. (Score:5, Interesting)
MS is developing Vista to enable programmers to push Home Automation. One thing they are doing is adding in that area is the functionality for IP's to securely be handled like a plug and play device. This isn't for printers on a network; it's for all the appliances in your house. IPv4 just doesn't work well for home automation. Also another sign is the majority of GE prototypes all are geared towards IPv6 not IPv4.
The regional specs that come with IPv6 are also huge things for MSN, Google, and Yahoo. It will allow your search (and Ads for that matter) results for a "pizza place" to give you the ones in your area without any additional info.
Vista will start the ball rolling, and the other two items will make the transition come very quickly. Security is also nice, and will help stop a lot of traditional hacking, but the end user doesn't get excited about that. They will get excited about the other stuff though.
Two years from now we will start to see IPv6 becoming very common.
The IPv4 scarcity issue is a myth (Score:5, Funny)
Geoff Huston's changing story (Score:4, Interesting)
In July 2003, Geoff said that IPv4 addresses will run out in two decades [potaroo.net].
About two years later, Geoff says that IPv4 addresses will run out in just one decade [potaroo.net].
So, if even very anti-IPv6 folks are saying that IPv4 addresses will run out sooner than expected, I think it is time to start preparing for the conversion.
NAT Separation Good??? (Score:2, Informative)
Re:NAT Separation Good??? (Score:3, Informative)
NAT is a pretty bad thing. Unfortunately the IPv6 people haven't considered the requirements for managing that large of an address space except by hierarchy (which breaks as soon as you want to have a backup link to another ISP), so I fear we'll still have to have NAT in an IPv6 world.
Re:NAT Separation Good??? (Score:2, Interesting)
WSIS, I wonder if this will be discussed... (Score:2)
Demand (Score:2)
The question people should ask is what type of device/application will emerge such that everyone wants a new global IP address (or 10)? Consider that if it were not for email and por
Accountability and economy... (Score:2)
Backwards compatible? Er... yeah. (Score:2)
Is this true? I was under the impression that the compatibility more or less ended at the socket API. Is the v4 address space actually mapped in to the v6 address space now so that hosts with v4 addresses are automatically capable of talking v6 if there is a v6 path?
No? That's what I thought. No, you have to go buy (cha-ching) separate v6 space and number all your servers and routers with two separate addresses,
Re:Backwards compatible? Er... yeah. (Score:5, Interesting)
It's actually similar to how the x86 architecture has advanced. When we moved up to 32-bit CPUs, in order to access the upper bits, new registers were created to address those upper bits while the lower ones stayed. An older 16-bit program would merely only use the lower bits, ignoring the upper ones since it wasn't designed to use them.
IPv6 allows for the last 32 bits to be used as an IPv4 address. You can even write out an IPv4 compatible IPv6 address using a combination of both hex and dotted decimal. eg: 0:0:0:0:0:FFFF:129.144.52.38 which in IPv6 can be compressed to
Say I have an office with 500 devices that need net connections. Now I also have a remote office with another 200 devices. These devices all like to connect to each other.. with various servers and services on each that make using NAT translation a PITA, but also buying 700 IPv4 addresses is mighty expensive. Now most of these devices are for internal use.. (I'll get to that). Now we do have 5 web servers that need to be accessed by people outside of the company (sales servers with web pages to sell stuff or show off our company). We give all 700 devices IPv6 addresses so that they can access each other over the internet. We give those 5 that need to be seen by everyone IPv6 addresses that have IPv4 mappings so that everyone can see them. We can get a few IPv6 addresses with IPv4 mappings to act as a NAT-like access point for internal devices to get to external IPv4 places for say viewing web pages or the like from internal machines.
But now one has to think.. why would we need 700 externally accessible devices? Isn't that a security nightmare? Managing all of them so that they don't get hit by a worm or such could really suck... but why do those devices have to be computers? What about VoIP phones or something similar?
I currently manage a VoIP setup that I implemented and support myself, and let me tell you.. NATs SUCK for VoIP. SIP hates it.. works half the time and the other half no go. If two devices are behind NATs, plain and simple they cannot talk to each other. If they have external addresses on most phones you can just dial straight to the IP address of another VoIP phone without even needing an intermediate server.. which can be handy at times.
It's just a minor example and I'm sure it can be picked apart and made to work on IPv4 (I've been doing such). But the time/cost savings of IPv6 along with just the myriad of possibilities it brings shouldn't be thrown aside because it would be "too hard" or "too expensive". The cost isn't as high as a lot of people think.. most are just afraid because they don't know anything about IPv6 and what you can do with it in regards to IPv4. And of course no one knows, because no one is going to train in an area that has no use currently, which will remain that way until people educate themselves in it.
Why doesn't Slashdot support it yet? (Score:5, Funny)
Re:Why doesn't Slashdot support it yet? (Score:5, Funny)
Re:Why doesn't Slashdot support it yet? (Score:3, Informative)
NAT is not the answer! (Score:5, Insightful)
You have to go to all kinds of lengths (using special session border controllers, media proxies, etc.) to be able to support SIP calls where one or both parties are behind a NAT. It is awful. NAT is a hack--a useful one in certain situations, but still a hack.
Two big issues (Score:3, Insightful)
Worst case, folks will figure out how to get by on 1-2 ip addresses, or pay more than the $1/month or so to get an extra. There are TONS of unused, unrouted addresses out there through the entire hierarchy, from subnets, class b's etc.
Second, IPv6 and you can what? If I run IPv6 only, I need to at some point tunnel to IPv4 (and often get an IPv4 address anyways) to connect to the rest of the net. If I run just IPv4, I can connect to everything, and the first person who develops google that is IPv6 ONLY is going to have very few users.
In other words, the business case is flat out not there.
Also, I never understood why IPv4 wasn't just a subset of IPv6? Why can't my existing IPv4 addresses also be IPv6 addresses with a standard prefix? Maybe this has changed, but when IPv6 came out it looked like that wasn't part of it.
If my address was a subset, my ISP could create IPv6 endpoints for my address along with the IPv4 routing, even if I hadn't upgraded. They'd just strip the prefix and forward to me.
Re:Two big issues (Score:3, Informative)
They are, the prefix is ffff::/96. In addition, there is 6to4, which lets you use your IPv4 address as a 48-bit IPv6 prefix, 2002:<IPv4 address>/48.
The problem is... who will deploy the first IPv4-unreachable Internet service?
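The 2002:<IPv4 address>/48 mapping described in the reply above, as an added example that is not part of the original thread: it derives the 6to4 prefix for an IPv4 address and recovers the IPv4 address embedded in logged 6to4 or IPv4-mapped addresses, so an existing IPv4 blocklist still matches them. The function names, log entries and blocklist are constructed for illustration and use documentation address ranges.

```python
import ipaddress


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Build 2002:<IPv4>::/48 by placing the 32-bit IPv4 address after 0x2002."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def embedded_ipv4(addr: str):
    """Return (kind, IPv4Address or None) for a logged source address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return "ipv4", ip
    if ip.ipv4_mapped is not None:      # IPv4-mapped IPv6 address
        return "ipv4-mapped", ip.ipv4_mapped
    if ip.sixtofour is not None:        # inside 2002::/16
        return "6to4", ip.sixtofour
    return "native-ipv6", None


def flag_hits(addresses, blocklist):
    """List (address, kind, embedded IPv4) for entries whose IPv4 is blocked."""
    hits = []
    for addr in addresses:
        kind, v4 = embedded_ipv4(addr)
        if v4 is not None and any(v4 in net for net in blocklist):
            hits.append((addr, kind, str(v4)))
    return hits


# Constructed sample data (documentation ranges only).
SAMPLE_LOG = [
    "203.0.113.9",            # plain IPv4, not blocked
    "::ffff:198.51.100.7",    # IPv4-mapped form of a blocked host
    "2002:c633:6407::1",      # 6to4 address derived from the same host
    "2001:db8::1",            # native IPv6, carries no IPv4 address
    "2002:c000:201::5",       # 6to4 from 192.0.2.1, not blocked
]
BLOCKLIST = [ipaddress.ip_network("198.51.100.0/24")]

if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.1"))
    for hit in flag_hits(SAMPLE_LOG, BLOCKLIST):
        print(hit)
```

A filter that compares only the literal string or only the address family would miss the second and third log entries, which is why the normalisation step runs before the blocklist lookup.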
Ahhh APNIC (Score:2)
Oddly enough, I've just recently flat out banned large portions of APNIC from signing up with my email service because I've gotten so many spammers from there ... coincidence? Maybe. In all my dealings regarding spam, they just seem ass-backwards over there.
IPv6 Considered "Production Grade" (Score:5, Informative)
Don't fear, the IETF V6 Operations (V6OPS) team and the IPv6 Forum will continue work to better clarify how to deploy IPv6 and to help build new network services around the new features. Most of the new network services groups in the IETF are basing new services on the features of IPv6 - early examples are Mobile IPv6 (MIPv6) and Network Mobility (NEMO) both of which are being extended to offer IPv4 access through IPv6 tunnels in order to get IPv4 native service through IPv4 NAT.
If you actually have useful comments or design alternatives for IPv6, bring them up in IETF working group mailing lists [http://www.ietf.org/html.charters/wg-dir.html] [ietf.org]
Legacy? Lol! (Score:2, Funny)
So get this... (Score:3, Funny)
The Real Truth (Score:5, Interesting)
"We happen to work in an industry that survives on complexity, address scarcity and insecurity," Geoff Huston, senior Internet research scientist at Apnic, said. "This is where the margins come from, and we are not innovators in this industry any more. We've learnt that optimism doesn't create a business case. All those people disappeared along with the dotcom boom," he said.
That is a stupid statement. It would be more accurate to say either "limps along" or "thrives" instead of "survives" in this context. The steam engine industry undoubtedly felt the same way about the internal combustion engine when it was first proposed.
Of course, IPv6 isn't enough. It's not enough until every atom in the Universe can have its own unique IP address, after which we can discuss the strings that create them.
Oh, so many comments.... (Score:5, Interesting)
These are two distinctly different things. NAT takes one public IP address and translates it to many private IP addresses. These are not two competing technologies, and you can use NAT with an IPv6 address. In reality, there isn't a debate here. It's a weak argument for those that want to keep things the way they are.
IPv4 addresses as a commodity
Greedy Fuckers. Pure and simple. The basic internet and all its various little noodly bits were created by university and government organizations and then just loosed on the planet essentially for free. Yes, you had to buy some hardware to use it, but the shit works without you having to pay for a damn thing but your connection.
I have nothing against the idea of capitalism where you get paid for something you create, but hoarding a commodity that is out there for the collective good as a whole is just shitty. In very few cases is there a justification for the belief that "I must make ALL of the MONEY and IT MUST HAPPEN RIGHT NOW and YOU CANNOT HAVE ANY."
As an added bonus, this sort of behavior helps keep the "have nots" in the "have not" category, which just generally pisses them off unnecessarily.
needing a publicly available address
No, obviously we all do not have to have public IP addresses - not yet, anyway. Saying you don't now or never will shows a pretty big lack of foresight. You don't KNOW that there won't be an application that needs publicly available addresses to work well and that NAT just won't cut it. Why don't you know? Because someone will eventually come up with something new, and it'll be good and important. People always do, eventually.
I realize that if you really wanted to have everything you own connected to the internet you could just use NAT and then if you wanted to talk to your refrigerator you could just use "the fridge port" but it's adding a level of complexity that could possibly get in the way of something on down the line.
This would slow down address scanning worms, neh?
if a worm's gotta look at giant chunks of addresses to find other victims, wouldn't this just slow down their spread a little?
then again, what the fuck do i know?
"The IPv6 Mess" (Score:3, Informative)
Re:I'm still waiting... (Score:2)
Re:IPV6 128 bit addresses make no sense (Score:5, Informative)
128-bit addressing isn't really necessary -- but it makes life really simple. With IPv4, you have a subnet mask (that AFAICT, 90% of people never quite understand) that tells how much of your address is devoted to the local subnet, and how much isn't. With IPv6, this has simply been fixed at 64 bits apiece, so using it, nobody ever has to figure up a subnet mask again.
A better question would be to turn this around: what would we really gain by reducing the addresses from 128 bits to 64 bits? We'd save 128 bits per packet. Even over a 28.8K dialup line, that's approximately 4 milliseconds per packet. However, IPv6 increases the maximum packet size you can reasonably use, so unless you really need to send lots of tiny packets, its addressing overhead may well be lower than with IPv4. In most cases, you gain a bit, and even in the worst case you lose very little.
If you're doing things like VoIP, IPv6 helps a lot more: in IPv4, QoS was hacked on after the fact (and has never really worked very well), but in IPv6, it's part of the base protocol.
Personally, I think we need to consider the source of TFA: Cisco and APNIC. Cisco is the leading provider of IPv4 routing (etc.) equipment by a wide margin. APNIC derives its "power" largely from the scarcity (and therefore value) of IP addresses.
A shift to IPv6 gives other router manufacturers a much better chance of gaining market share over Cisco -- about the best Cisco can hope for is to maintain their current position, but in reality they're likely to lose at least a little. Cisco has only to look at what happened to Lucent when the market shifted from ATM to IP to see how badly a technology shift can hurt even a huge market leader.
APNIC stands to lose even more: rather than a chance of losing market share, they face a near certainty that a large part of their power base simply ceases to exist.
Looking at it from this (admittedly cynical) direction, what are the chances that they were going to write an article in favor of IPv6, regardless of its merit?
--
The universe is a figment of its own imagination.
Re:So how do I get PI addresses for IPV6? (Score:3, Informative)