IPv6 Challenges and Opportunities 315
1sockchuck writes "Opinions differ on when the Internet will run out of IPv4 addresses, prompting a wholesale transition to IPv6. In recent videos, John Curran of ARIN provides an overview of issues involved in the IPv6 transition, while Martin Levy of Hurricane Electric discusses his company's view that early-mover status on IPv6 readiness can be a competitive advantage for service providers. Levy's company has published an IPv4 DeathWatch app for the iPhone to raise awareness of the transition."
corpspeak to english dictionary (Score:5, Insightful)
According to my copy of the CorpSpeak to English dictionary "challenge" and "opportunity" both say "See 'problem'."
Re:corpspeak to english dictionary (Score:5, Funny)
According to my copy of the CorpSpeak to English dictionary "challenge" and "opportunity" both say "See 'problem'."
Yes, but there are subtle differences. For example, when they speak of challenges, your corporate overlords are telling you there will be massive layoffs soon. However, when they speak to you of opportunities, it means you personally will be laid off immediately.
marketing speak = teh suck (Score:4, Insightful)
"Challenges" means problems. "Opportunity" = cool features.
Features of IPv6:
Every known star in our universe can now have 252 ip addresses with ver6.
My frigging socks can tell me they need to be cleaned via a script. My shoes can use GPS to track where I'm going, how many miles I walked/ran that day, etc.
Problems of IPv6: Screw it, we'll just nat our existing IPv4 addresses.
Re:marketing speak = teh suck (Score:5, Insightful)
This, this, o-this-ily-this!
Also I think proponents of IPv6 also tend to overlook the value of DNS. Human short-term memory only has so much space in it. IPv4 addresses tend to be hard to memorize, ergo DNS puts an easy handle on it.
In an IPv6 world you get this memory problem magnified in a huge way:
1) The addresses are now ridiculously long.
2) There's not supposed to be any such thing as NAT (which also means your practice of always having your inside router be x.1 now gets more complex)
3) Many things that don't REALLY need addresses are now going to get them, because we have so many, so lets just go crazy.
To recap, many minor devices will all have a very-long, unique address, and each will be difficult to fit into brain-space alone, let alone together.
This scenario only works in a fully-DHCP world, which is fine for some, but I'll keep my static IPv4 for as long as possible, thanks.
Re: (Score:2)
Are you familiar with how IPv6 actually works? Yes, addresses are now very long--good thing that DNS works with IPv6. (The failure of most implementations to support A6 records is a shame, but AAAA does the job fairly well.) You can still have your "inside router" be :1 if you like, and hey, why not give everything an address--what's the downside?
Re: (Score:2, Funny)
You can still have your "inside router" be :1 if you like
You seem to be assuming a non-shared address space. Do you work for IBM?
Re:marketing speak = teh suck (Score:4, Insightful)
What do you mean by "non-shared"? When you get an IPv6 connection, they don't hand you a single IP address; you get a /64 or a /48, depending on the connection type.
Re: (Score:2)
What enforcement of subnetting recommendations are going to be in place to ensure this happens?
ISP's monetize these addresses now. Who will force them to stop?
Re:marketing speak = teh suck (Score:4, Interesting)
Re: (Score:2)
That same competition exists under IPv4.
Re:marketing speak = teh suck (Score:4, Interesting)
No it doesn't, at best there are 4,294,967,296 available IPv4 addresses, in reality there aren't nearly as many since the entire network isn't one huge subnet. With IPv6 there are 3.4*10^38 addresses. There is no real competition in terms of "we give you your own class C" vs "We give you one address" when it comes to IPv4 because most ISPs can't actually hand out addresses like they're candy. With IPv6 an ISP would have no problem whatsoever handing out a /64 to each customer since they'll have a shitload of /64s to hand out.
/Mikael
Re: (Score:3, Insightful)
***That same competition exists under IPv4.***
Note to self. We are said have meaningful competition in digital communications that provides all sorts of benefits. Organize expedition. Try to find it/them. Surely there must be some way to profit from discovery of something that rare.
How? We can worry about how to profit once we capture one or more competes (or whatever the hell the singular of competition is) and persuade it/them to breed in captivity.
Re:marketing speak = teh suck (Score:5, Insightful)
Where the fuck do you live where you have more than 2 viable choices for an ISP?
What universe do you live in where the "competition" would realistically compete on this feature?
Re:marketing speak = teh suck (Score:4, Interesting)
I haven't counted, but I think I have *at least* 6 ISPs to choose from --- Not counting wireless, of course. North of Copenhagen, nothing special. And none of them seems to be able to deliver an unblocked port 25 (just inbound would be cool, I can relayed outgoing no problem). Sad, right?
Re: (Score:2)
Where I live out in the rural boonies, you might think my choices are even more limited than yours. But really, I have quite a lot of choice in ISPs.
I can get dial-up from several providers. I can get IDSL (my current setup) from a few (using Speakeasy). I can get a T1 with service from any of about 6 ISPs. I can get HughesNet satellite service.
True, some of these options cost a lot of money, like T1 service (from $300 to $1200 per month). But I do have choice.
If you live in a city I am sure that you actual
Re: (Score:3, Informative)
Try Temuco, Southern Chile. I know lots of people getting their internet via long distance wireless Bridges, 20, 30 miles out of town. Lots of people with Sat systems in the really rural area. The government provides sat systems to schools that are 2 days horseback ride in to the mountains.
Still, knowing the rural United States, our choices and speeds of ISP's here is likly larger. Many of my family in rural parts of the United States just got off of dial up internet about a year ago.
Re:marketing speak = teh suck (Score:4, Informative)
Where the fuck do you live where you have more than 2 viable choices for an ISP?
Try anywhere outside of the United States. I live in The Netherlands and I've only got one choice of cable ISP. But I have about 4-5 options for DSL.
//BEGIN Advert
An article I wrote a couple weeks ago makes plain how important competition is in the ISP market. http://metafarce.com/index.php?id=24 [metafarce.com]
//END Advert
Re: (Score:2)
It would really be cool if they did away with DNS after switching over to IP v6.
Precisely.
Re: (Score:3, Informative)
There are currently 32 bits allocated for IPv6 subscriber connections. An entire datacenter only needs one of those, contrasted to a /23 or larger now.
What you go to with a /48 prefix (which is the standard ISP subscriber size) is a network with 16 subnet bits and space for an effectively infinite number of hosts in each subnet.
Re:marketing speak = teh suck (Score:5, Insightful)
I'm not sure I'm following you here, so what you're saying is that instead of Joe Q. Sysadmin always having his internal router be 10.0.0.1 and all the hosts having 10.x.x.x IPs tied to hostnames he'd have something like 2001:1001:f00f::1 as the router and all hosts would be in the same subnet? Yeah, that's really scary and confusing...
Also, NAT is an ugly hack that doesn't really need to exist, the packet filtering can be handled with a plain old packet filtering firewall just like it used to be done prior to everyone using NAT and what exactly is the point of address translation? Isn't that like going back to pre-IP days when every network seemed to use its own protocol (or in this case, everyone uses local addresses internally and a single or small number of external addresses) and inter-network communication was a PITA?
And I'd rather see devices that don't need public addresses getting them than "The amazing NAT future" where you have to pay big bucks to get a public IP address instead of being stuck in NAT hell (first they came for the residential connections, but I did not speak up because I wasn't running a home server or playing games, then they came for the small business DSL customers but I did not speak up for I was not running a small business and finally they came for the corporate customers and we ended up paying thousands of dollars per server to avoid getting thrown off the 'net)...
/Mikael
Re: (Score:2)
You're separating the issues, because they're are trivial alone. That's understandable. That isn't what I'm driving at.
When you combine 'everything with an address' with 'NAT needs to die', then 'Joe Q. Sysadmin' will not be allowed to select his own IP addresses. Without an assigned and shared address space, these notions are incompatible.
Do you follow now?
Anyway, the point was, how do you go about memorizing them?
Re: (Score:2)
The point was, you don't go about memorizing them, you use DNS.
And why exactly (1) does 'Joe Q. Sysadmin' need to select his own IP addresses and (2) can't he with IPv6? I can't just decide to give my server the address 127.48.7.12 or 234.122.9.31 with IPv4, but that doesn't mean that I can't assign one within my address range.
Re: (Score:3, Insightful)
I can't just decide to give my server the address 127.48.7.12 or 234.122.9.31 with IPv4, but that doesn't mean that I can't assign one within my address range.
Using NAT, you absolutely can. You're sacrificing the ability to communicate with those addresses in the wild, but that option definitely exists today.
And why exactly (1) does 'Joe Q. Sysadmin' need to select his own IP addresses and (2) can't he with IPv6?
He doesn't need to. He may want to. He has that option today.
I don't operate under the assumption that ISP's are going to hand out blocks of IPv6 addresses any more readily than they hand out IPv4's. I understand that others do. I'm not sure why they do, but since it is a futuristic sort of thing, we'll just have to wait and see. Looking at their past a
Re:marketing speak = teh suck (Score:4, Interesting)
He doesn't need to. He may want to. He has that option today.
You can assign IPv6 addresses manually to your heart's content as long as you have a block assigned to you, but for client machines there is rarely a reason to do this (just like how you normally don't go about handing out static IPs to every workstation, you set up a DHCP server (or many depending on the size of your organisation) and hand out dynamic addresses to most machines).
/Mikael
Re:marketing speak = teh suck (Score:4, Interesting)
He doesn't need to. He may want to. He has that option today.
You can assign IPv6 addresses manually to your heart's content as long as you have a block assigned to you, but for client machines there is rarely a reason to do this (just like how you normally don't go about handing out static IPs to every workstation, you set up a DHCP server (or many depending on the size of your organisation) and hand out dynamic addresses to most machines).
/Mikael
I never do. I set up DHCP with static addresses for the known computers, and dynamic for the guests. So much easier to ssh between machines with proper ip addresses and names.
Re: (Score:3, Interesting)
I never do. I set up DHCP with static addresses for the known computers, and dynamic for the guests. So much easier to ssh between machines with proper ip addresses and names.
And... what's stopping you from doing that with ipv6?
Re:marketing speak = teh suck (Score:4, Informative)
I don't operate under the assumption that ISP's are going to hand out blocks of IPv6 addresses any more readily than they hand out IPv4's. I understand that others do. I'm not sure why they do, but since it is a futuristic sort of thing, we'll just have to wait and see. Looking at their past and present behavior, anticipating charity is dubious at best. In fact, NAT rose to popularity out of this exact same behavior. Not out of some ephemeral need to create more address space.
On this point, economics actually favors handing out at least /64 subnets: Not only does advertising at least a /64 permit stateless autoconfig (which significantly reduces management costs), but routing smaller subnets is more expensive because the route can't fit into a 64-bit machine word or CAM slot.
Re: (Score:3, Insightful)
The point was, you don't go about memorizing them, you use DNS.
LOL. And network admins, those who are tasked with setting up and maintaining DNS, or those just doing occasional reverse lookups, do their heads just explode?
In the real world, people use IP numbers in a number of different ways, and for just as many reasons, have committed many to memory. You don't have to be a network admin, for example, to know what is behind 192.168.1.1, or that 4.2.2.1 is open for lookups.
This doesn't mean it's impossib
Re: (Score:2, Insightful)
Re: (Score:2)
Also I think proponents of IPv6 also tend to overlook the value of DNS.
1) The addresses are now ridiculously long.
I'm confused - first you say that IPv6 proponents "overlook" the value of DNS, meaning that they don't understand its significance. Perhaps you meant to say the opposite - "overstate," perhaps?
2) There's not supposed to be any such thing as NAT (which also means your practice of always having your inside router be x.1 now gets more complex)
Why would this have to be any different? Instead of getting a single or small block of IPs from your ISP, you'll get an entire subnet (or two, or 256). You can keep your router at .1 (or :1) if you'd like.
3) Many things that don't REALLY need addresses are now going to get them, because we have so many, so lets just go crazy.
While it opens up the opportunity to give more devices their own addresses, it doesn't require it. If you're like
Re: (Score:2)
or companies that want a large network of sensors in their factory without having to deal with private IP routing hell
Exactly the reason that a current customer of mine is rolling out IPv6 across the national enterprise. With a little help from ptrtd [litech.org], troubleshooting at corporate headquarters can even talk specifically to equipment that doesn't speak IPv4.
It is true that IPv6 was not designed with old-school networking geeks in mind - I share your concern about IPv6 addresses being difficult to remember.
Please explain what you mean; I've found that IPv6 networking tends mostly to eliminate the nightmarish hassles that IPv4 had (classful addressing FTW), and remembering addresses isn't hard once you get used to the scheme. You have a 48-bit prefix that you simply know (
Re: (Score:2)
I'm confused - first you say that IPv6 proponents "overlook" the value of DNS, meaning that they don't understand its significance. Perhaps you meant to say the opposite - "overstate," perhaps?
Dotted addresses suck, ergo DNS. Longer dotted addresses will suck even more. Good thing we still have DNS.
Clearer now?
Why would this have to be any different? Instead of getting a single or small block of IPs from your ISP, you'll get an entire subnet (or two, or 256). You can keep your router at .1 (or :1) if you'd like.
It won't shake out this way. ISP's aren't giving you that many addresses now, and many (if not all) limit and/or upcharge-for the quantity assigned. It isn't difficult to imagine scenarios where is doesn't matter, to be sure, but this kind of convenience is something that NAT has allowed us to take for granted.
While it opens up the opportunity to give more devices their own addresses, it doesn't require it. If you're like me and you don't want your fridge to have an IP address, then don't buy a network-capable fridge. However, for those that want networked fridges (or companies that want a large network of sensors in their factory without having to deal with private IP routing hell), they'll have the option.
I'm thinking about what DirectTV here. These kinds of devices get to become
Re: (Score:3, Informative)
It won't shake out this way. ISP's aren't giving you that many addresses now, and many (if not all) limit and/or upcharge-for the quantity assigned. It isn't difficult to imagine scenarios where is doesn't matter, to be sure, but this kind of convenience is something that NAT has allowed us to take for granted.
I believe that the registries are requiring the provision of /64s and /48s to end-user connections. Even if they weren't, the ISPs would provide at minimum /64s, since most networking equipment can't handle routing prefixes longer than /64 in hardware--i.e., routing anything longer than /64 is more expensive.
You're referring to 'non-ameteur' admins with a voice of authority, yet you cannot avoid being confused over how DHCP allows you to set these addresses once instead of many times over?
IPv6 isn't IPv4. You can use stateless autoconfiguration to find that router, no DHCP needed. The advertisement can also include information on DNS servers. If the DNS servers and default gateway ar
Re: (Score:2)
Which means on a "pure" IPv6 network with no firewall controls in place at the router an attacker can easily nmap every single box on your private network, then start running targeted attacks against every single thing
FTFY
ipv6 routers will be no different than their ipv4 counterparts now, except that the concept of nat will be eliminated. you will still have to allow specific services through to specific machines from the wan side. you'll just be able to allow more machines to have more services with ipv6, since multiple machines will be able to be presented to the outside world on port 80, port 443, or port 25.
Re: (Score:2)
Not to mention that IPv6 has no security whatsoever in its design. Any form of encryption is either a bolt on, or goes on a higher layer, such as how SSL and SSH ride on top of TCP. On the IP layer, there isn't any standard form of encryption.
Not trying to troll, but what do you need encryption on such a low layer for? I prefer managing this on the protocol or application layer so I can always use the appropriate level and form of encryption.
Of course, we all know about IPv6 and NATs. If you want to hide your internal network, you put it on IPv4. Which means on a "pure" IPv6 network an attacker can easily nmap every single box on your private network [...]
There is nothing to stop you from filtering incoming connections at your router/firewall. This has nothing to do with NAT.
IPv6 was thought out by people who have -zero- clue about security and the scumbags that IT people battle against on a daily basis. [...]
I do not think that the IP layer is the appropriate place for dealing with most of these threats. How would you solve the attacks that you mentioned - POD and so on - on this layer?
The mo
Re: (Score:2)
First, cute little troll, I'm going to point out a few flaws lest someone takes you seriously.
Not to mention that IPv6 has no security whatsoever in its design. Any form of encryption is either a bolt on, or goes on a higher layer, such as how SSL and SSH ride on top of TCP. On the IP layer, there isn't any standard form of encryption.
IPSec [wikipedia.org] was originally developed specifically for IPv6. 'nuf said.
Of course, we all know about IPv6 and NATs. If you want to hide your internal network, you put it on IPv4. Which means on a "pure" IPv6 network an attacker can easily nmap every single box on your private network, then start running targeted attacks against every single thing, from the router with the last year's firmware to the Linux box that wasn't patched in six months.
NAT != Firewall. What you want is a firewall that blocks incoming traffic to those addresses that aren't supposed to accept incoming connections. NAT means "Network Address Translation" and that's exactly what you get, it translates addresses and keeps track of connections.
The rest of your post seems to have been mostly pointless filler and hyperbole
Re: (Score:3, Funny)
Hmmm.... Every known star in the universe with it's own ip address. Now I think that the promise of cloud computing is finally starting to dawn on me!
Re: (Score:2)
Yea, but the latency will kill you.
Re: (Score:2)
If I wanted to network my socks, I could do so at the moment with a VPN. I'm not going to want them to be publically routable anyway.
You can get things that track where you are going, and how many miles you've walked / run etc. They don't even need an internet connection, never mind a publically routable one.
Not a problem for some (Score:2)
Big Media might like that a lot. That's not a bug to them but a feature.
ISPs resorting to shoving most people behind NATs is a feature for Big Media, because it breaks P2P.
I know it would break WoW updates and other stuff too, but I'm sure Big Media would consider that an acceptable sacrifice.
It may help produce an Internet that's more like TV or a broadcast medium. The billions of users only being able to get content from a few mil
Re: (Score:2)
Just as soon as companies figure out how to monetize scriptable socks, we are going to see some serious IPv6 action.
IpV6 reality check (Score:5, Informative)
Dan Bernstein has chimed in on this before:
http://cr.yp.to/djbdns/ipv6mess.html [cr.yp.to]
He is basically dead right.
The people who came up with IPv6 seemed to be too ivory tower: they forgot about
the reality on the ground. Few ISPs are even thinking about IPv6.
-paul
Re: (Score:3, Interesting)
Since this rant, google has actually gone IPv6 for IPv6 ready ISPs.
http://www.google.com/intl/en/ipv6/ [google.com]
By no means is the internet IPv6 friendly, and a lot of the points Dan makes are good ones, but he fails to offer any solutions either.
Re: (Score:2)
Not really.. They don't index the ipv6 address space and 90% of the google pages are still ipv4 only.
The key is indexing ipv6 sites. Until google start that they haven't 'gone ipv6' at all.
Re: (Score:3, Informative)
He is basically dead right.
Umm, about what? He trots out a bunch of hypothetical problems that people have been cheerfully ignoring because they don't manifest in reality. IPv6 is here and working today, even if Dan didn't want to believe it possible.
Re: (Score:3, Insightful)
They do manifest in reality: They are why I don't have an IPv6 address: It's to much work for too little benefit. It can be worked around, but it's just more work, and wouldn't really get me anything.
Basically all he is saying is 'accept an IPv4 address as an IPv6 address'. Which would mean that 'upgrading' would be as simple as getting software that can handle being sent IPv6 addresses. (Which basically everyone's already got at this point.)
Instead at the current situation you have to figure out how and
Re: (Score:2)
So, in the current situation, everyone who switches to IPv6 needs to be a network engineer. Because it's a complicated setup at the user's endpoint. Guess how long it'll take Grandma to switch then.
Actually, it requires almost no setup. The problem isn't Grandma, it's Grandma's (US) ISP. If the IPv6 connection appears from upstream (and it's advertised by the router, no client configuration needed--not even DHCP), it's available for use.
My student ACM chapter once inadvertently leaked router advertisements for our IPv6 connection onto the building's main network and hijacked most of the Web traffic as the machines saw our connection and automatically (and transparently to the users) started routing
Re: (Score:2)
Of course it was a problem in this circumstance; we had a cable plugged into the wrong socket! However, my point is that IPv6 deployment doesn't require hand-editing config files buried deep inside your system; if a router shows up and starts advertising, IPv6-enabled systems can start using it without the machine's users' even having to be aware that it's there.
Re: (Score:2)
Instead at the current situation you have to figure out how and were to get an IPv6 address,
If they're using an IPv6-enabled ISP, that's a non-event. It really does Just Work.
and either keep an IPv4 as well (and switch between the two as the situation demands) or work out how you are going to talk to the 90+% of the world that doesn't have an IPv6 address.
Why wouldn't you keep both, out of curiosity? Almost every machine on our corporate LAN uses both protocols. I enable it on the router and the various servers and workstations just started using it without any additional configuration.
Either of those require extra work, for every person trying to connect to the network.
Where "extra" approximates "no".
Re: (Score:2)
People keep saying we're running out of IPv4 addresses. If we can go around keeping IPv4 addresses it would mean we aren't really running out of IPv4 addresses
Re: (Score:3, Insightful)
Grandma will upgrade to IPv6 when her ISP says your modem needs to be replaced or they have a tech swap her cable modem. The layman argument does not hold water in every situation. Most laymen will plug in their new IPv6 router and not even configure a password, let alone worry about routing tables, etc.
That's like saying grandma can't change her own brake pads, so we'll just let her grind her rotors down. Grandma will just goto a mechanic or in this case, her ISP which is staffed with NETWORK ENGINEERS. It
Re: (Score:2)
Which, as far as most ISPs are concerned, is ideally never.
Re:IpV6 reality check (Score:4, Informative)
So, in the current situation, everyone who switches to IPv6 needs to be a network engineer.
That's bull. End users don't need to know or do anything. At this point, all we really need is for ISPs to provide IPv6 and the rest will happen without users doing -- or knowing -- a thing.
Yes, the network works, but there is no decent upgrade plan.
Also crap. The upgrade plan is for IPv4 and IPv6 to coexist for a few years. Users deal with DNS names, not IP addresses, and applications and resolvers already transparently look for both AAAA and A records and use the AAAA records if available. All of the major OSes have solid IPv6 support in place -- if you don't believe me, install a radvd server on your home network and notice how *instantly* all the machines on your LAN have IPv6 addresses (heck, they all have link-local addresses now) right next to their IPv4 addresses. Of course, if your ISP set up support for IPv6, you wouldn't have to do anything.
The only reason that IPv6 won't currently work for most people even if their ISPs support it is that their current NATing router appliances don't support it properly. But if ISPs implemented v6 support, Linksys, D-Link, etc. would start rolling out devices with proper IPv6 in their firmware. With enough users on the v6 network, web site admins, etc., would add v6 support and AAAA DNS records, which the v6-enabled users would instantly (and transparently) begin using.
The transition plan is solid, and works very well in practice (as you can verify by using Hurricane Electric or another v6 tunnel provider). What's lacking is the ISP motivation, and being able to use a v4 address as a v6 address wouldn't change that at all.
Re: (Score:2)
Why wasn't it that simply, an IPv4 would have "contained" N amount of ipv6 addresses? That would have been so much more easy to understand.
That's actually an option that you can turn on if you like; it's called 6to4 [wikipedia.org], and it maps each IPv4 address to a /48 block of IPv6 addresses.
Re: (Score:3, Insightful)
Really? Ok, then. I have a Linux box connected to a Netgear router providing NATted connections, itself connected to a cable modem that goes out to Comcast, who provides my pipe and is my ISP. Comcast ISP, by the way, does not support IPv6. If IPv6 is here and working today, I should be able to use it. How do I do that?
If you can't tell me how, than Dan's "hypothetical problems" are very real indeed.
As far as I can tell, what people have been "cheerfully ignoring" is IPv6.
Re: (Score:2)
Comcast ISP, by the way, does not support IPv6. If IPv6 is here and working today, I should be able to use it. How do I do that?
Switch to an ISP that provides IPv6 (you're surprised that Comcast is behind the times?), or spent 5 minutes enabling an IPv6 tunnel [tunnelbroker.net] to someone like Hurricane Electric from your Linux box.
Re: (Score:2)
And I should switch from a provider that has provided me with fast, reliable, if somewhat pricey, service because?
(Yes, I know that a lot of people have had really bad experiences with Comcast. And the few times I have had trouble, their customer service has not impressed me. But, by and large, I have indeed had very little downtime from them; that's something I count on, in my job among other things, and I am not inclined to leave it behind)
Or, if I get the IPv6 tunnel with Hurricaine Electric, I expect
Re: (Score:2)
I expect that will involve HE charging me. What will I be getting for my money?
You expect wrong.
Re: (Score:2)
It's free, but don't expect reliablility... routed IPV6 is definately the way to go.
Of course actually implementing routed ipv6 is rather technical. You get an ISP that does it.. great.. now find a modem that does it.. that's either hacked linksys or a cisco, or a linux box talking PPPoE to a bridged modem like I have - these require knowledge to set up. Then setup RA, which isn't automatic (you need to pick a network from your ISP supplied /48 since RA only works on a /64).
*then* it's plug and play. Mos
Re: (Score:2)
> ...now find a modem that does it.
If it knows about IP numbers it isn't a modem.
Re: (Score:2)
> It's free...
Thank you for that. I had heard of the service but never checked into it because I assumed there was a charge (after all, they call themselves a "broker").
Re: (Score:2)
I have a Linux box connected to a Netgear router providing NATted connections, itself connected to a cable modem that goes out to Comcast, who provides my pipe and is my ISP. Comcast ISP, by the way, does not support IPv6. If IPv6 is here and working today, I should be able to use it. How do I do that?
Your main obstacle is Comcast, who has announced that they are going to begin providing v6 support.
If you want to, you *can* work around them, by using a v6 tunnel provider (like Hurricane Electric). The configuration is not hard, but isn't something Grandma could do (not my Grandma, anyway).
When Comcast begins providing IPv6 addresses, if you connect your Linux box directly to the cable modem, you'll instantly have access to the v6 network, without losing access to the v4 network. They coexist seamle
Re: (Score:3, Informative)
Re:IpV6 reality check (Score:5, Insightful)
The people who came up with IPv6 seemed to be too ivory tower: they forgot about
the reality on the ground. Few ISPs are even thinking about IPv6.
Amen to that. But I don't see an academic angle so much as an ILEC angle i.e., IPv6 is being handicapped by large telcos, large ISPs, legacy netblock owners and their proxies in order to drive up fees for IPv4 addresses. The threads on new fee structures, in mailing lists like arin-ppml, make this obscenely clear. IPv4 netblock owners are salivating over the potential for profit from what should be a public resource.
Only thing more disappointing than ARIN's failure to either reclaim unused IPv4 netblocks (and there are plenty of those, both large and small) or speed the adoption of IPv6 is the DOC and FCC's failure to foresee the damage, both economic and to communications, which the coming address shortage will cause.
Re: (Score:2)
Sorry, but while several of the issues he mentioned are major changes, there are well-thought-out reasons for them. All the criticisms could have been leveled against the upgrade to IPv4 as well.
First off, he pretty much ignores the dual-stack transition plan, which is what I've always seen in place for business systems. Precisely because IPv6 is a separate address space, you don't have to roll over from IPv4--you can run them both. Thus both clients and service providers can upgrade and take advantage o
Re: (Score:2)
Yes, the transition would have been smoother had there been a clearer standard for IPv4-to-IPv6 address mapping, but IPv6 does work fine, thank you, and the upgrade is happening largely through aging out of older systems.
XP doesn't really support ipv6 nicely. It does work but it's certainly not easy. Windows Me, 98, and 95 are still a big part of internet hosts. When you say, "the upgrade is happening," do you mean that in 10 years, none of these hosts will exist? Considering that XP is still included on many new computers (dell and lenovo still offer XP on all business class computers, for example), and pretty much all netbooks, I'm not so sure about that.
IPv6 works fine, sure. So does token ring.
-Dan
Re: (Score:2, Troll)
And you will noticed that six years later, 99%+ of the Internet *still* doesn't use IPv6. Maybe he was on to something...
IPv6 is the protocol of the future (Score:5, Funny)
...and always will be!
for crying out loud ... (Score:2)
august 2009 [slashdot.org], december 2008 [slashdot.org], august 2007 [slashdot.org], jan 2006 [slashdot.org], july 2005 [slashdot.org], jan 2004 [slashdot.org], feb 2003 [slashdot.org], feb 2002 [slashdot.org], may 2001 [slashdot.org], july 2000 [slashdot.org], july 1999 [slashdot.org], may 1998 [slashdot.org]
thank the US government (Score:3, Informative)
US government contracts are starting to require IPv6 support. This is the main reason I'm seeing for IPv6 adoption. If it weren't for the government, we would all be keeping our heads in the sand until the internet starts slowly failing and Goldman Sachs starts selling remaining IPv4 netblocks to speculators.
Re:thank the US government (Score:4, Insightful)
And that's what they're getting: IPv6 support. You're getting set ups that *could* run IPv6. They don't, but they could.
Re: (Score:2)
I can't tell whether this post is a joke or not.
Current deadline, in case anyone's interested (Score:3, Informative)
"As of April 2008, predictions of exhaustion date of the unallocated IANA pool seem to converge to between February 2010 and May 2011"
Re: (Score:2, Interesting)
Does that take into account universities and large companies giving back all the class A ip addresses they have that were initially given out back in the day?
(I'm genuinely asking, I don't know)
Re: (Score:2)
The Wikipedia page on IP address exhaustion [wikipedia.org] discusses this at some length. The Cliff-notes version:
1. There are blocks of under/non-utilized addresses that could be reclaimed, as well as reserved addresses that could be re-purposed.
2. Accomplishing the above would require a lot of investigation (into current usage) and/or reprogramming routers (which were designed with the current addressing system in place).
3. At best, the exhaustion date would simply be postponed.
It seems to me like more trouble than it's
Re: (Score:2)
Here's a link [potaroo.net] to the latest projection (wikipedia's out of date) which is updated daily. It explains how the estimate is made, so have a read if you're interested (I confess, I'm not)
Anyway, current guess is July 2011.
Re: (Score:2)
Does that take into account universities and large companies giving back all the class A ip addresses they have that were initially given out back in the day?
Why the heck would HP, Apple, and every other publicly-traded company with /8s give back address space when they could lease it? (I'm also genuinely asking)
Re: (Score:3, Interesting)
Problem with that prediction is it's bollocks.
The potaroo exhaustion counter that these dates come from hasn't changed significantly in the last year that I've been following it. It dips somethimes to 650 days or so, then climbs over 1000 days sometimes.. but the average stays around the 700 mark.
If the prediction had been remotely accurate when it said 700 last year it should be at around 350 this year, and it just isn't.
Readiness test checklist (Score:4, Insightful)
OK, here's a handy checklist to see if IPv6 is ready for prime time:
Use case: access a common web site (e.g. Slashdot) entirely by IPv6 packets: .org DNS server): CHECK .org DNS node via IPv6 packets (lookup slashdot.org address): ???
1) Look up host's IP via IPv6 packets:
1a) Access a root DNS node via IPv6 packets (look up
1b) Access
2) Access slashdot.org via IPv6 packets:
2a) Route IPv6 packets from my computer to "the Internet": FAIL
2b) Route IPv6 packets from "the Internet" to Co-Lo facility: ???
2c) Route IPv6 packets within the Co-Lo to Slashdot's servers: ???
When you (a presumably technically skilled user) can do that, then IPv6 is ready for the masses.
Re: (Score:3, Informative)
1B)
% dig any org @a.root-servers.net
; > DiG 9.7.0a2 > any org @a.root-servers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER- opcode: QUERY, status: NOERROR, id: 4577 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;org. IN ANY ;; AUTHORITY SECTION:
org. 172800 IN NS B2.ORG.AFILIAS-NST.org.
org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
org.
Re: (Score:2)
If slashdot went ipv6 then presumably so would their DNS service.. so 1 and 2 are somewhat linked. .org is already on ipv6.
2a works for me.
2b works provided the Co-Lo is ipv6 aware, and that implies 2c.
It's up to slashdot to pull their finger out and implement the damned thing.. it's not the fault of ipv6 they haven't. This is geek site.. if they don't do it why expect anyone else to?
Re:Readiness test checklist (Score:4, Interesting)
I can do everything in your list just fine -- if you pick a web site that actually supports v6. There is no AAAA record for slashdot.org. Were Slashdot to configure their servers for IPv6 and add appropriate AAAA records, then it would be reachable. Of course, most sites don't bother with v6 support, because few users have v6 addresses, which is because most ISPs don't support v6.
When the ISPs move, everything else will follow.
What, again? (Score:5, Funny)
2002 called. They want their impending-IPv6-transition stories back.
I'm sorry but (Score:2)
Re: (Score:2)
Is milking v4 for all it's worth more profitable than going to v6?
Re: (Score:2)
until consumer routers support IPv6 it's a dead protocol
Then it must be doing pretty well, since Apple's Airport Extreme router has it enabled by default and even configures a working tunnel for you. Cue grumbling about "but other routers don't!" in 3... 2... 1...
Re: (Score:3, Informative)
Apple's market share for routers is tiny compared to Netgear and Linksys. I'm one of the 8% or so of people who uses a Mac, but it talks to a Netgear router.
Re: (Score:2)
Re: (Score:2)
We need IPV7 (Score:2)
The thing that gets me... (Score:4, Interesting)
...is that even new devices don't support IPv6, even when they're in entirely controlled address spaces.
For example, why the hell don't, for example, cell phones internet capabilities have IPv6? I mean the IPv6 routing would seem exactly designed for cell phones, devices external to the network don't need to reach them, and it's a frickin closed system with device upgrades fairly quickly. If we can't even use IPv6 in closed systems like that, it has failed.
The reason, of course, is because IPv6 is, in fact, an EPIC FAIL in actually working, because no one apparently bothered to figure out any sort of actual transition for it.
It's like, if instead of self-driving cars, they invented self-driving micro-monorails and expected us to buy them. But, don't worry, they have a handy monorail carrying rack we can install on top of our car that not that hard to set up so we can carry our monorail to the monorail tracks fifty miles away.
D. J. Bernstein is an ass, but he's right about this.
IPv6 should have been built by changing the damn format of the packets, but using the exact same IPv4 addresses with a specific prefix, routed exactly the same place. Any router that talked to devices that didn't understand IPv6 could just 'dumb it down' to IPv4, and, they should eventually do the same in reverse!
We could actually include a bit in the packet that upconverted IPv6 packets get, so we could keep statistics on how many packets were IPv6 their entire distance, and how many got converted down and back up at some point. So we could see what networks are actually switching out their equipment, and see what misconfigured gear thinks it's talking to IPv4 devices when it's talking to IPv6, so it needlessly converting. (IEEE 802.2 specifics a way to autonegotiate IPv4 or IPv6 using the EtherType, but it might not always work, and it's only for Ethernet anyway.)
At some point, as routers and OSes got replaced, large amounts of traffic on the internet would end up being IPv6 their entire distance, and at that point we can start assigning the IPv6 addresses that don't have a equivalent IPv4 one.
And, incidentally, we should keep the IPv4 network operational forever. 95% of the people can give their IPv4 addresses back, and as people stop connecting IPv4 devices, routers and whatnot will lose the ability to speak to them but there will still be some devices that cannot be upgraded, some embedded device that speaks only IPv4 or whatever. The company should be able to keep an IPv4 address, and require people to install one of the routers that can still upconvert in front of the device, and it gets routed over the internet and back just like anything else, because, for almost all the trip, it's IPv6. There would be no reason to ever turn off the subset of IPv6 that is IPv4.
Instead we invented a new fucking network that doesn't interact with IPv4 at all. Yes, yes, you can get IPv6 versions of IPv4 addresses, but routers and OSes do not automatically translate them. And it's actually against the rules for someone to try to contact a IPv4 server 'over' IPv6. They have to use their IPv4 address, like there should be a difference.
Re: (Score:2)
IPv6 should have been built by changing the damn format of the packets, but using the exact same IPv4 addresses with a specific prefix, routed exactly the same place. Any router that talked to devices that didn't understand IPv6 could just 'dumb it down' to IPv4, and, they should eventually do the same in reverse!
Technically speaking, this is still possible using mapped addresses. The problem is that IPv4 addresses don't map onto IPv6 addresses; only a small subrange of IPv6 addresses can be handled this way.
Previous address expansions (Score:4, Interesting)
IPv6 should have been built by changing the damn format of the packets, but using the exact same IPv4 addresses with a specific prefix, routed exactly the same place.
Yes, that's what was done the last two times the address space was upgraded.
When ARPANET IMP addresses went from one byte to two bytes, to allow the number of nodes to increase beyond 256, the old addresses retained their 8-bit value, with a new prefix.
When the ARPANET was extended to the Internet, the two byte IMP address was the low two octets of the IP address, and the first two octets were 10 and 0, so IMP addresses converted to IP addresses as [10.0.xxx.xxx]. And that's where "network 10" came from. When the ARPANET went down, it freed up that address space for other uses.
But we have DNS now.
try it tonight (Score:5, Informative)
Ok kids. Go home tonight and turn ipv6 on. I know you're all running homebrew linux nat routers.
Here's all you gotta do.
Install radvd. It's a Router Advertisement server. Router Advertisements are how your LAN clients learn what the hell their IPv6 "prefix" is. You're going to use something clever called 6to4, which basically converts your public ipv4 address into the first half of your ipv6 address. You plug that information into your radvd configuration, and voila, all your LAN clients can learn their unique global ipv6 address. Then you just run a little script, which turns up the 6to4 tunnel on your linux nat, and all of a sudden, all your LAN clients have globally routable ipv6 addresses! And once the v6 stack fires up, your computers will try resolving AAAA records, so you might even get to visit some v6 websites!
You're not strictly running native ipv6, since 6to4 is a tunnel to an anycast server (dont worry, there's plenty of them sharing the same address). It emulates pretty damned close though. Enough for you to try it out!
Here's the thing that keeps blowing my mind. Remember back before NAT? The Internet was actually symmetrical back then. Any host could contact any host. Well, it's restored. I keep forgetting I can literally contact ANY lan host from remotely, using its v6 address. Security nightmare? You betcha. Restored services? Makes up for it! Maybe I can figure out what a firewall is, after all!
Sure, there's tunnel brokers out there too... don't waste your time with all that. 6to4 is quick and easy, and it works fairly faithfully. By the time a tunnel broker OKs your info, you could be pinging already with 6to4.
Oh yeah. That malarkey about "ooh my address is so long, it's just not worth it" -- My address is 2002:xxxx:xxxx::1 through ::5. Also, a few weeks ago they released an interesting workaround to memorizing ip addresses, called "The DNS". As ominous as that sounds, it's actually pretty clever and I've been enjoying it for a while.
And yes, ::1 is easily guessable and that makes it hackable. So please, no nmapping the 2002:xxxx/32 subnet tonight. (At the rate of 2^96 pings per second, it should be done by next century)
Re:try it tonight (Score:5, Informative)
here's one way of setting a 6to4 tunnel up. i squished some semicolons in cause it's pasting funny.
#!/bin/bash
# Create a 6to4 tunnel in linux.
if [ $# -eq 0 ]
then
echo "Usage: $0 [delete]";
exit;
fi;
ipv4=$(ifconfig $1|grep "inet addr:"|awk '{print $2}'|awk -F: '{print $2}');
ipv6=$(printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`);
echo "ipv4 address: ${ipv4}";
echo "ipv6 address: $ipv6";
if [ "$2" = "delete" ] /sbin/ip link set dev tun6to4 down /sbin/ip -6 route flush dev tun6to4 /sbin/ip tunnel del tun6to4 /sbin/ip tunnel add tun6to4 mode sit ttl 255 remote any local ${ipv4}; /sbin/ip link set dev tun6to4 up; /sbin/ip -6 addr add ${ipv6}/16 dev tun6to4; /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1;
then
echo "IPv6 tunnel has been deleted."
exit
fi;
if ping6 -c 1 he.net 2>&1 1>/dev/null
then
echo "Verified IPv6 connectivity.";
else
echo "Can't ping IPv6 network.";
fi;
Re:try it tonight (Score:4, Informative)
For those without a Linux router:
sudo aptitude install miredo
sudo invoke-rc.d miredo start
ping6 -nc 1 ipv6.google.com
PING ipv6.google.com(2001:4860:a005::68) 56 data bytes
64 bytes from 2001:4860:a005::68: icmp_seq=1 ttl=58 time=29.9 ms
lynx --dump http://ipv6.whatismyv6.com/ [whatismyv6.com] | head -n 5
This page shows your IPv6 and/or IPv4 address
You are connecting with an IPv6 Address of:
2001:0:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
Re: (Score:3, Informative)
Teredo isn't 6to4.
It works through NAT, which actually makes it even easier to use than 6to4. Thanks for pointing it out! 6to4 is more of a site tool, and Teredo is a client tool.
A pack of Luddites, honestly! (Score:5, Insightful)
Every time something on IPv6 comes out, there's a thundering herd of people who've never used it but are certain that it's awful and won't ever work. What's wrong with you people? Do you feel threatened because you're used to being the networking expert among your clique and don't want to lose that reputation? If not that, then what is it that's making you sneer at a cool new technology without even trying it first?
I'm not addressing people who tried to make IPv6 work but had problems along the way, or who otherwise had bad experiences with it. That's totally understandable and I'm not going to tell such a person that they're wrong. I am talking directly to the people who've read old articles talking about why it won't work, or who are trotting out the same tired, invalid reasons to dislike it.
Here's what you need to know about IPv6:
I think that about covers it. There's no reason to be afraid of IPv6. If you haven't tried it, give it a shot before bragging about how smart you are for recognizing that it can't work. Again, if you've tried it and had problems, I can understand why you're leery of the idea. If you haven't at least used a free tunnel to see what IPv6 is like, though, then you don't have a lot of room to comment on the subject.
I am excited. (Score:3, Funny)
I can't wait for the day I get home from work in my flying electric car to play Duke Nukem Forever against my friends over my new IPV6 connection.
Re: (Score:2)
Under IPv6 will I still be able to block posting access to my Japanese discussion site from African/Russian 419 scammers? I have a nice list of IP addresses that are automatically sent an empty http response when they try to become members. I used to give them a chance but every single one turned out to be a scammer so now I just block whole regions outside of Japan. (And luckily most aren't smart enough to bother with a proxy.) Will I still be able to do this under IPv6?
Yes, you'll just need to know their