Major 'Net Players Mulling IPv6 Whitelist
netbuzz writes "From this week's IETF meeting in Anaheim comes word that leading Web content providers are talking about creating a shared list of customers who can access their Web sites via IPv6. The DNS Whitelist for IPv6 would be used to serve content to these IP addresses via IPv6 rather than through IPv4. David Temkin, network engineering manager with Netflix, says: 'We're looking into the same service that Google has, where we will try to track what connectivity the user has. We're in discussions with Google, Yahoo, Netflix and Microsoft to see whether it makes sense to have a shared, open source DNS whitelist service.' ISPs are not wild about the idea."
Single page story link (Score:2, Interesting)
http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/032610-dns-ipv6-whitelist.html&pagename=/news/2010/032610-dns-ipv6-whitelist.html&pageurl=http://www.networkworld.com/news/2010/032610-dns-ipv6-whitelist.html&site=printpage [networkworld.com]
ISPs are not wild about the idea. (Score:5, Insightful)
If ISPs would get their heads out of their asses "this idea" would not be needed.
Re: (Score:3, Interesting)
I'm not sure what you mean by the ISPs having their heads in their asses... Maybe you are referring to the lack of IPv6 availability. If so, at this point in the game, there is no point in offerin
Re: (Score:3, Interesting)
How so?
If ISPs rolled out proper v6 connectivity, this whitelist simply wouldn't be necessary. That's "how so".
Maybe you are referring to the lack of IPv6 availability. If so, at this point in the game, there is no point in offering IPv6 because there is nowhere to go.
Then they shouldn't grumble and whine because people decide to workaround their broken networks, should they?
Re: (Score:2)
If so, at this point in the game, there is no point in offering IPv6 because there is nowhere to go.
The main reason why you want IPv6 is so that you could communicate client to client (VoIP, P2P, gaming, etc.). IPv6 provides basically no real advantage if all you want to do is communicate with a big service (youtube, google, etc.), as NAT and proxies mostly work just fine for those cases.
So yeah, ISPs could provide the benefits of IPv6 right now, even when all the big services are still running IPv4 only.
Re: (Score:2)
What makes you think people won't still use stateful firewalls with IPv6?
Re: (Score:2)
Please correct me if I'm wrong, but with IPv6, deep inspection of the packets at the firewall should be impossible because of IPSec.
Re: (Score:2)
The main reason why you want IPv6 is so that you could communicate client to client (VoIP, P2P, gaming, etc.). IPv6 provides basically no real advantage if all you want to do is communicate with a big service (youtube, google, etc.), as NAT and proxies mostly work just fine for those cases.
Multicast...
Re: (Score:2)
Multicast doesn't automatically get deployed with IPv6.
Multicast across providers is an unsolved problem, quite possibly an unsolvable problem. Just forget about it, it's putting intelligence in the network and the whole point of the Internet is that the routers are stupid.
Re:ISPs are not wild about the idea. (Score:5, Insightful)
Actually it's not the ISPs they're referring to who have their heads in their asses. Indeed, I don't think anybody has their heads in their asses on this one--each side of the discussion has legitimate points. From the perspective of IPv6 deployment, the whitelists suck, because mostly they prevent people who are trying to use IPv6 from using it--you have to be on the whitelist before you can get AAAA records from these online services. It's very hard to get on the whitelist, and very easy to get knocked off of it.
ISPs who are deploying IPv6 want to just get the AAAA records, and not have to jump through hoops to get on a whitelist. But the providers worry about people who have crappy home gateways that fall over and die when they get AAAA records, and also about people who have devices on their networks advertising IPv6 connectivity, when they don't actually have it. One presentation in that meeting set the number at about .8% of users, which they felt was too many.
Personally, I think they should just turn on the AAAA records and let the customers who have broken routers see that their routers are broken and fix them. But it's a rough tradeoff--IPv6 has at times gotten a bad rep for being the cause of network problems, and so network know-nothings tend to tell you "IPv6 is the problem" when in fact it's bad code on embedded devices that's the problem. Since disabling IPv6 "fixes" it, IPv6 gets the blame. That's the rationale for the whitelists, and as much as I hate them, I can't say that this rationale is completely wrong.
Re: (Score:3, Insightful)
Actually it's not the ISPs they're referring to who have their heads in their asses. Indeed, I don't think anybody has their heads in their asses on this one--each side of the discussion has legitimate points. From the perspective of IPv6 deployment, the whitelists suck, because mostly they prevent people who are trying to use IPv6 from using it--you have to be on the whitelist before you can get AAAA records from these online services. It's very hard to get on the whitelist, and very easy to get knocked of
Re: (Score:2)
Personally, I think they should just turn on the AAAA records and let the customers who have broken routers see that their routers are broken and fix them.
If you were Google, would you be willing to sacrifice 0.7% of your users just to be an IPv6 pioneer? They'd be gaining less than 0.01% of users who are IPv6 only.
Re: (Score:2)
I don't think anybody has their heads in their asses on this one--each side of the discussion has legitimate points.
But IPv6 is coming whether they like it or not. There's no stopping it, and the closer we get to the available IPv4 pool drying up the less time they'll have to implement IPv6.
Sh!t or get off the pot? It's time to do both.
Not a "whitelist" (Score:4, Insightful)
This is the mother of all cookies.
Re: (Score:3, Interesting)
Just wait until the tinfoil hatters realize that by default IPv6 stateless autoconfiguration puts your globally unique MAC address in the second half of your IPv6 address...
Re:Not a "whitelist" (Score:5, Interesting)
LOLFR, "globally unique MAC address"... riiight. No manufacturer has *ever* reused a MAC address... *snicker*
Re: (Score:2)
Case in point, about 10 years ago I had a friend who worked for a School for the Blind (they had more than just blind kids there at the time) and they set up a network using off the shelf components from a local (big name) electronics store. Though each machine worked fine on its own, they couldn't get anything to work on the network. After hours of trying different things out they found out every single network card they bought had exactly the same MAC address. As soon as they returned them and went to a
Re: (Score:2)
Very interesting. Especially since the store in Question was a Fry's...
Re: (Score:2)
MAC addresses are _mostly_ unique, which is plenty to cause privacy concerns. The fact that some manufacturers use duplicate MACs isn't going to appease the tinfoil hatters.
RFC3041 will, but people have to actually implement it and use it by default.
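Added example, not part of any comment in this thread: how stateless autoconfiguration derives the interface identifier from a MAC address (modified EUI-64), and how to audit observed addresses for an embedded MAC that stays constant across networks. The prefixes, MAC addresses and observation list are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff and return 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 bytes")
    return raw


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the address a host forms from a /64 prefix and its MAC.

    Modified EUI-64: split the MAC in half, insert ff:fe in the middle,
    and flip the universal/local bit (0x02) of the first byte.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration uses a /64 prefix")
    m = parse_mac(mac)
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def embedded_mac(address) -> "str | None":
    """Return the MAC carried in the low 64 bits, or None if there is none.

    The ff:fe marker is the tell. A randomly generated identifier (for
    example an RFC 3041 temporary address) can contain ff:fe by chance,
    about once in 65536, so treat a single hit as a hint, not proof.
    """
    iid = ipaddress.IPv6Address(str(address)).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in m)


def linkable_hosts(observed) -> dict:
    """Map each embedded MAC to the /64 prefixes it was seen in.

    Only MACs seen in more than one prefix are returned: those are the
    hosts a remote service could follow from network to network.
    """
    seen = defaultdict(set)
    for addr in observed:
        mac = embedded_mac(addr)
        if mac is not None:
            seen[mac].add(str(ipaddress.ip_network(f"{addr}/64", strict=False)))
    return {mac: sorted(p) for mac, p in seen.items() if len(p) > 1}


# Constructed observations (documentation prefix 2001:db8::/32).
OBSERVED = [
    "2001:db8:1:0:200:5eff:fe00:5301",     # laptop at home
    "2001:db8:cafe:7:200:5eff:fe00:5301",  # same laptop on another network
    "2001:db8:1:0:a1b2:c3d4:e5f6:789",     # randomized identifier, no MAC
    "2001:db8:2:0:200:5eff:fe00:53aa",     # EUI-64, but seen in one place only
]

if __name__ == "__main__":
    print(slaac_address("2001:db8:1::/64", "00:00:5e:00:53:01"))
    for mac, prefixes in linkable_hosts(OBSERVED).items():
        print(mac, "seen in", prefixes)
```
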
Re: (Score:3, Informative)
LOLFR, "globally unique MAC address"... riiight. No manufacturer has *ever* reused a MAC address... *snicker*
Not to mention a lot of NIC drivers let you specify your own MAC address.
Re:Not a "whitelist" (Score:4, Funny)
Yes, a cookie that says you get your connectivity through an ISP that's on the whitelist. Ooh, scary! :')
The issue is metadata (Score:2)
Maybe nothing but the IP address is stored on the list, but any additional data stored on the list is essentially a cross-site cookie.
Re:The issue is metadata (Score:4, Informative)
How do you get on this whitelist?
*You* don't get on the whitelist. Your ISP gets on the whitelist, by demonstrating they have functional v6 network connectivity. Once that's done, the ISP is added to the whitelist, and thereafter, any DNS records resolved using the ISP's DNS servers will include AAAA records from participating content providers.
For example, Hurricane Electric entered just this sort of agreement with Google. As such, anyone using HE's DNS servers gets Google's AAAA records, and so because I use HE as my tunnel broker, I get access to Google via v6. However, Google knows nothing about me in particular.
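Added example, not part of any comment in this thread and not any provider's actual code: a model of an authoritative server that discloses AAAA records only to whitelisted resolver prefixes, plus the resulting experience for clients whose own IPv6 state differs from their resolver's. The zone, prefixes, client fields and outcome labels are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed whitelist of *resolver* prefixes (documentation ranges).
# The authoritative server sees the recursive resolver's source address,
# not the end user's, so that is all the decision can be keyed on.
WHITELIST = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:53::/48")]

# Hypothetical zone data for one dual-stacked name.
ZONE = {"www.example.com.": {"A": ["198.51.100.10"], "AAAA": ["2001:db8:80::10"]}}


def normalize(source: str):
    """Parse the query source and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d),
    which is how an IPv4 resolver appears on a dual-stack listening socket."""
    addr = ipaddress.ip_address(source)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def resolver_whitelisted(source: str) -> bool:
    addr = normalize(source)
    return any(addr.version == net.version and addr in net for net in WHITELIST)


def answer(qname: str, qtype: str, source: str) -> list:
    """Return the record data for a query, withholding AAAA from
    resolvers that are not on the whitelist (an empty NODATA answer)."""
    records = ZONE.get(qname, {}).get(qtype, [])
    if qtype == "AAAA" and not resolver_whitelisted(source):
        return []
    return list(records)


@dataclass(frozen=True)
class Client:
    resolver: str          # address of the resolver the client uses
    has_v6_address: bool   # host configured an IPv6 address and route
    v6_path_works: bool    # IPv6 packets actually reach the Internet


def experience(client: Client, qname: str = "www.example.com.") -> str:
    """What the user sees, given the DNS answer and the real state of the path."""
    got_aaaa = bool(answer(qname, "AAAA", client.resolver))
    if got_aaaa and client.has_v6_address:
        # The whitelist vouched for the ISP, not for this host's tunnel or router.
        return "ipv6" if client.v6_path_works else "ipv6-timeout-then-ipv4"
    if client.v6_path_works:
        return "ipv4-despite-working-ipv6"
    return "ipv4"


if __name__ == "__main__":
    cases = {
        "whitelisted ISP, healthy v6": Client("192.0.2.53", True, True),
        "whitelisted ISP, broken home router": Client("192.0.2.53", True, False),
        "other resolver, healthy v6": Client("203.0.113.7", True, True),
        "other resolver, bogus router advertisement": Client("203.0.113.7", True, False),
    }
    for label, client in cases.items():
        print(f"{label}: {experience(client)}")
```
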
Re: (Score:2)
Your ISP gets on the whitelist, by demonstrating they have functional v6 network connectivity. Once that's done, the ISP is added to the whitelist, and thereafter, any DNS records resolved using the ISPs DNS servers will include AAAA records from participating content providers.
This all seems completely pointless to me. There is no harm in including the AAAA records in all replies - if you have no IPv6 connectivity then your software will simply fall back to the A record (which would also be supplied).
Sure, if your machine's routing table is screwed so it thinks it can reach the server's IPv6 address when it can't then things will break, but that's just tough shit - if your configuration is completely broken then you shouldn't complain when things break badly.
Re: (Score:2)
Sure, if your machine's routing table is screwed so it thinks it can reach the server's IPv6 address when it can't then things will break, but that's just tough shit - if your configuration is completely broken then you shouldn't complain when things break badly.
Google loses about 0.7% of requests if they turn on AAAA's. Sure it's the fault of the customer, but that's real money lost for them.
This doesn't have to last long (Score:3, Insightful)
Any ISP that's not "wild" about the idea should step up and work with the community on actually getting IPv6 connectivity as functional as IPv4. I can see Google/Netflix perspective here. If they don't have some sort of white list they will get a black eye for having poor service when it's not even a result of something they control. Hopefully this will be something very short lived but I can imagine if service providers don't step up and start taking IPv6 seriously it's just going to prolong the issue.
Re: (Score:2)
whitelist by prefix instead of endpoint address
I'm sure they have a reason for it... (Score:5, Insightful)
The article doesn't make it particularly clear what that might be though. The closest I found was:
Which seems like a no-brainer to me: Fix the tunnel. I don't even understand how the whitelist might help that -- if the whitelist says "This user has IPv6 connectivity" and you have a broken tunnel either you don't get the content at all, or you still only see the content after a 30-second wait.
The real 'island' problem is that IPv6 routing is kind of a mess. If you're on the east coast of North America and want to connect to western Europe, depending on who your provider is it may well decide to send all of your traffic through Korea, if it even makes it to your target at all. I imagine that's a problem that will solve itself as more routes come online.
Re:I'm sure they have a reason for it... (Score:4, Informative)
The real 'island' problem is that IPv6 routing is kind of a mess. If you're on the east coast of North America and want to connect to western Europe, depending on who your provider is it may well decide to send all of your traffic through Korea, if it even makes it to your target at all. I imagine that's a problem that will solve itself as more routes come online.
It's actually worse than that. Currently many people have routers at home that send out v6 router advertisements despite not actually having IPv6 connectivity. The result is that many people end up with v6 addresses, and when those machines then try to connect to websites that advertise AAAA records, they end up with long delays as the browser first attempts a v6 connection, times out, and falls back to v4.
Honestly, try googling for "Ubuntu disable ipv6" some time... it's amazing how many people are struggling with this issue. Which is why so many sites are reluctant to roll out v6 connectivity and AAAA records (even Google doesn't do external AAAA resolution unless your ISP has arranged a special agreement with Google which guarantees proper v6 connectivity (luckily Hurricane Electric has such an agreement, so as long as I use their DNS servers, I get v6 connectivity to all of Google's services)).
Re: (Score:2)
luckily Hurricane Electric has such an agreement, so as long as I use their DNS servers
Very interesting... I have an IPv6 tunnel from HE and I'd like to get that working as well. Is it as simple as pointing your resolver at HE's DNS servers? If so, what are their addresses?
Re: (Score:2)
Very interesting... I have an IPv6 tunnel from HE and I'd like to get that working as well. Is it as simple as pointing your resolver at HE's DNS servers? If so, what are their addresses?
Yup! That's all it takes. Just head to the "Tunnel Details" page for your HE tunnel. On that page is an "Available DNS Resolvers" section, which includes a v4 and a v6 address for their DNS server. Use that as your primary, and voila, you'll get AAAA records for most (all?) of Google's services.
Re: (Score:2)
Those addresses should be on your tunnel's detail page.
Re: (Score:2)
74.82.42.42
Re: (Score:2)
The problem with Ubuntu is that their patched version of glibc always asks for AAAA records when IPv6 is enabled, regardless of whether the machine has an IPv6 route. Then when a client attempts to connect to an IPv6 host, it times out almost instantly because the kernel reports the lack of route. But that timeout isn't the problem.
The real problem is in the AAAA DNS query itself. This can go wrong in a few ways:
1) The authoritative DNS server is misconfigured, such that it completely drops AAAA queries.
Re: (Score:2)
No idea, I don't have one. All I know is that searches like this [google.ca] indicate it's a real problem for some (well, or, at least, they think it is...).
Though, I must admit, the fact that I can't find specific model numbers is rather... suspicious (I assume it was some model(s) of D-Link, Linksys, etc, router). ie, people definitely blame the routers in various discussion forums, but I've never seen any one router pinned down as a problem. So I could be mistaken. Though the conclusion is often the same: they d
yeah also if you unplug your modem and forget... (Score:3, Interesting)
...to plug it back in again, you get "a bad experience". Seriously, whitelisting just because people smart enough to set up a tunnel forget that it doesn't work any more? Stop being so damn dishonest and come out and admit why you want this whitelist.
Re:yeah also if you unplug your modem and forget.. (Score:4, Informative)
Seriously, whitelisting just because people smart enough to set up a tunnel forget that it doesn't work any more?
Huh? What the hell are you talking about? The reason this whitelist is necessary is because many people are victims of routers that send out v6 router advertisements despite not having v6 connectivity, or are on a network that claims to have v6 connectivity, but that connectivity is actually broken. As a result, these people get v6 IPs, and then when software tries to connect to websites that advertise AAAA records, they get long delays while their browser times out attempting to connect over v6, at which point it falls back to v4.
Hell, all you have to do is Google for "ubuntu disable IPv6" to see how many people are suffering with this problem.
So, please, quit being a paranoid jackass. There are *very* good reasons to set up this whitelist, and TBH, I think it may be the only way to start getting sites to advertise AAAA records (right now they don't because they're afraid of impacting the user experience due to this very issue).
Re: (Score:2)
Huh? What the hell are you talking about?
Well, to start off with I made the mistake of reading the fine article:
"There's a pretty key reason for whitelisting," Temkin explains. "It's really, really easy for anyone using, for example, Hurricane Electric's tunneling to find that the IPv6 network becomes an island and that it is broken because they didn't update a tunnel... You end up with the customer having a bad experience. They never see the content or they only see the content after a 30-second wait."
The reason this whitelist is necessary is because many people are victims of routers that send out v6 router advertisements despite not having v6 connectivity
Which routers are these, and why is the correct procedure to maintain a massive whitelist (requiring ISP cooperation) rather than negotiating with ISPs to stop breaking IPv6 (requiring ISP cooperation)? What globally routable prefix are these routers advertising exactly, when they're not being assigned one?
Hell, all you have to do is Google for "ubuntu disable IPv6" to see how many people are suffering with this problem.
The problem of hundreds of sites advertising AAAA records which timeout? As someone who has had IPv6 connectivity for several years,
Re: (Score:2)
Which routers are these, and why is the correct procedure to maintain a massive whitelist (requiring ISP cooperation) rather than negotiating with ISPs to stop breaking IPv6 (requiring ISP cooperation)?
I'm afraid I can't give you specific model numbers, but this is a very well known problem amongst content providers mulling the idea of rolling out v6. And we're talking home routers, here, not ISP core routers.
And the whitelist *is* "negotiating with ISPs"... ie, they negotiate, the ISP sets up v6, and voil
Re: (Score:2)
but this is a very well known problem amongst content providers mulling the idea of rolling out v6
The problem of ISPs distributing broken routers which manage to advertise a prefix which they aren't ever issued with? Perhaps you aren't sure yourself, since you haven't been able to name one router which exhibits the problem, but you're not making it clear what actually goes wrong and why the solution isn't to fix the problem (of distributing broken routers) rather than one huge bureaucratic bandaid.
And the whitelist *is* "negotiating with ISPs"...
Erm, yes, that's what I meant by, "negotiating with ISPs to stop breaking IPv6".
ie, they negotiate, the ISP sets up v6, and voila, they're on the whitelist. Problem solved.
If you regard negotiating w
Re: (Score:2)
The problem of ISPs distributing broken routers which manage to advertise a prefix which they aren't ever issued with? Perhaps you aren't sure yourself, since you haven't been able to name one router which exhibits the problem, but you're not making it clear what actually goes wrong and why the solution isn't to fix the problem (of distributing broken routers) rather than one huge bureaucratic bandaid.
Because the whitelist is feasible? The alternative is to break connectivity for (according to these folks)
Re: (Score:2)
The alternative is to break connectivity for (according to these folks) .8% of users while those broken routers are fixed/replaced.
The Internet is regularly broken for .8% of users for a multitude of reasons. Expecting all ISPs on the planet to end up cooperating with a huge Google-borne list is more of a political and administrative burden than inconveniencing .8% of users.
In the next 3 or 4 years every site transitioning to IPv6 will need to do more than just add an IPv6 address one day and remove an IPv4 address at some point down the line. It's not just the issue the article seems to get its panties in a bother over, it's the more
Re: (Score:2)
The Internet is regularly broken for .8% of users for a multitude of reasons.
That's a BS argument, though. The "internet" isn't broken for these people. IPv6 is broken for these people. If a content provider deploys IPv6, suddenly a *new* 0.8% of internet users will be highly annoyed trying to access their site. So, from a content provider's perspective, they can either inconvenience that .8% of users for no real appreciable gain in the short term, or they could just not bother.
The third option is this
Re: (Score:2)
I was stating that 0.8% of people being bothered isn't a reason to create some massive scheme
Clearly the content providers who'd be losing those users completely disagree with you. And given it's their money and their content, and given their reluctance to deploy v6 is one of the primary reasons v6 is going nowhere, it probably makes sense to listen to their needs and attempt to address them. This scheme does that.
Only if your idea of deployment is "add AAAA records then go home", which is a crap approach
Re: (Score:2)
No, it's just a few loud providers who made little effort deploying IPv6 in the first place.
Good lord, you've *got* to be kidding. Google has done more to push v6 than virtually any other content provider out there. And I'm actually a little shocked NetFlix is on board.
Do you have any *better* examples of content providers getting onboard? 'cuz god knows I don't, specifically because of issues like this.
So we have to do X, and they get switched over to more experimental alternatives, rather than having a
Re: (Score:2)
Good lord, you've *got* to be kidding. Google has done more to push v6 than virtually any other content provider out there.
What has Google done to push IPv6, i.e. in what way has it demonstrated feature parity with IPv4 or benefits over IPv4? The fact that Google is considered at the forefront is a sign of how little /anyone/ has done in the public space - and it hasn't done more than any number of content providers, smaller ISPs [linx.net] (that's the way to do it!), etc which already are involved in IPv6.
But, to answer your question, why not start with the sixxs coolstuff [sixxs.net]? Note in particular that multicast is demonstrated, and that prom
Re: (Score:2)
In the video [linx.net] as linked to in my other post, note in particular around 32 min, when this guy - whose business provides the best native consumer IPv6 connectivity in the UK - points out how awkward Google were with him.
Re: (Score:2)
What about it? That video just illustrates precisely what this coalition is trying to deploy, as Google has been doing this for a while now. Again, is it annoying for the ISP? Yeah. I just don't care, that's all.
Frankly, I find it funny that guy doesn't understand why Google is being so cautious. Then again, he isn't in the business of making money based on eyeballs. Google, meanwhile, stands to lose real dollars if someone decides to, say, switch to Bing because Google's AAAA records cause that perso
Re: (Score:2)
What about it? That video just illustrates precisely what this coalition is trying to deploy,
Sorry, what? The video illustrates how an ISP arrived at the stage of providing good native consumer IPv6. Yet Google, which has done no such thing for any consumer, thought his efforts not good enough when he tried to get whitelisted.
as Google has been doing this for a while now.
Google has done less for IPv6 than this guy's ISP has. They have:
1. Provided native IPv6 to all their clients, with a level of consumer IPv6 support unrivalled in the UK;
2. Got the biggest ISP wholesaler in the UK to fix their systems to make that possible, and to commit to fu
How much IPv6 Hardware is there? (Score:3, Interesting)
I suspect one significant impediment to implementation of IPv6 on the part of most ISPs is that it would take wholesale replacement of significant amounts of hardware.
Sure, the latest model of a router may support IPv6, but the 200 or so that an ISP has may not and there may be no upgrade path for it. Just like there is no Windows Vista driver for some hardware - too old to bother with - there is plenty of hardware out there that will never support IPv6. Until this is replaced, IPv6 isn't going to happen.
I think we have finally reached the point where new hardware supports IPv6, almost universally. So now we are just waiting until the older hardware is replaced. I suspect larger ISPs are somewhat reluctant to move out millions (and possibly tens of millions) of dollars worth of hardware before they have to.
Of course, they could just raise the rates for everyone to cover it.
Re: (Score:2)
I would imagine most backbone hardware installed since 2002 has ipv6 capability, along with any residential neighborhoods wired up since 2005 or so. That makes up something like 30% of the US population. There are, however, office buildings full of IPv4 fiber equipment that will have to be replaced some day. As the cost comes down, I would imagine the units they replace will have 10x the capacity of those installed in the early-mid 1990s and cost a quarter of the units they are replacing, even adjusting for
Re: (Score:2)
> That may be true of ISP and carrier level hardware, but consumer level
> routers do not.
Most of which were supplied by the ISPs.
Re: (Score:2)
> That may be true of ISP and carrier level hardware, but consumer level
> routers do not.
Most of which were supplied by the ISPs.
However, *everyone* has known that IPv6 support is going to be desirable (or even required) within a reasonably short time-frame for quite a long time.
I guess it makes some business sense for the router manufacturers to wait for as long as possible to implement IPv6 support, since it will increase sales (all those IPv4-only routers being sold today will need to be replaced with ones that support IPv6 quite soon. If they were already shipping IPv6 routers, no replacement would be necessary == less future sa
Re: (Score:2)
> Unfortunately, whether you're buying a DSL router yourself or getting it
> from an ISP, you're almost certainly not going to get anything IPv6 capable
> today.
Since the "router" in a DSL modem is crap anyway you're better off putting the damn thing in bridge mode and using a separate router/firewall such as an old pc.
Re: (Score:2)
Since the "router" in a DSL modem is crap anyway you're better off putting the damn thing in bridge mode and using a separate router/firewall such as an old pc.
Which is exactly what I do - my crappy D-link router periodically loses the default route (the DSL is up and everything, so it won't bother trying to reinitialise, it just doesn't have a default route in the routing table so no traffic can go out over the DSL), so my solution was simply to put it into bridge mode and let my SheevaPlug be the PPP endpoint.
However, the *vast* majority of the public aren't going to want to (or know how to) do this.
Also, using bridge mode requires you to drop the MTU down to 14
Re: (Score:2)
> That may be true of ISP and carrier level hardware, but consumer level
> routers do not.
Most of which were supplied by the ISPs.
Exactly. The vendors of all my home equipment have been shipping IPv6 compatible for years. Just waiting on the ISP.
Oh, really? ;) (Score:2)
The DNS Whitelist for IPv6 would be used to serve content to these IP addresses via IPv6 rather than through IPv4.
Let me guess, those would be IPv6 addresses? ;)
That obvious joke being made, I will now go read the article as the news blurb is useless, yet sounds interesting.
Re: (Score:2)
Part of the problem is that you may have local network IPv6 connectivity but not Internet IPv6 connectivity. Your application looks up an AAAA record, tries to connect, and fails. Hopefully it will then try the A record (if you use gethostent() then you will do this automatically), but it will have to wait for the connection to fail before doing this, which may take a while.
It shouldn't take a while - your router should be returning network unreachable ICMP6 packets which would cause the connection to fail immediately. If it doesn't, fix your router.
Re:Why do they need a whitelist (Score:4, Insightful)
This is to deal with cases where an ISP sets up "trial" or "beta" IPv6 services for their users, and they don't support it as well as their existing IPv4 service. They might have an IPv6 outage for hours or days, but nobody cares because it's just a trial, right? Meanwhile, the user is having an awful experience trying to pull up www.google.com, and they don't know why, and since every other web site seems to come up without a problem (because they're all still on IPv4), they conclude that it's a problem with Google.
You can avoid much of this by whitelisting ISPs that have demonstrated that they actually care about IPv6.
Thanks (Score:2)
Great explanation. I would mod you up if I had mod points today.
Hopefully someone else will.
Re: (Score:2)
This is to deal with cases where an ISP sets up "trial" or "beta" IPv6 services for their users, and they don't support it as well as their existing IPv4 service. They might have an IPv6 outage for hours or days, but nobody cares because it's just a trial, right? Meanwhile, the user is having an awful experience trying to pull up www.google.com, and they don't know why, and since every other web site seems to come up without a problem (because they're all still on IPv4), they conclude that it's a problem with Google.
You can avoid much of this by whitelisting ISPs that have demonstrated that they actually care about IPv6.
The ISP shouldn't be handing out IPv6 addresses to normal end-users unless they plan on dealing with outages like they would for IPv4. If they want to "trial" a service that won't remain stable then they need to make sure they only hand out IPv6 addresses to people who have explicitly said they want to be on the trial (i.e. people who understand that they may get poor service, probably people who understand how to drop the IPv6 routes themselves if there is a prolonged outage).
Rather than this "whitelist"
Re: (Score:2)
You and your fancy technology... I'm sticking with Windows 98 and IE 2.
Re: (Score:2)
> apparently IPv6 will work on XP Pro SP1
Maybe so, but I seem to recall that it also included a fatal flaw for IPv6 - something along the line of not supporting DHCP for IPV6 or so. Can you imagine having to type in the local IPv6 address, the gateway and the DNS server? That would take a while!
Re: (Score:2)
DHCPv6 still isn't entirely standardized and lacks many of the features DHCPv4 does still. In practice, I've found DHCPv6 to be a total mess for both Linux and Windows clients, whereas router advertisement (whether from Linux or Windows) works much better and the autoconfigured IPs work fine. Even Windows 2000 supports router advertisement messages if you enable the IPv6 stack I believe.
I really wish there was a better way to combine the two into one service, and why is it not possible for me to broadcast a
Re: (Score:2)
Erm, maybe my certifications are out of date, but how exactly can DHCPv4 advertise routing information (such as your example?). The only routing info you can set through DHCP is the default gateway, which works well even with IPv6. If you need dynamic routing, you'll have to use a routing protocol, and AFAIK, OSPF, RIP, EIGRP and BGP all support IPv6 just fine.
Re: (Score:2)
You tell me how to deploy OSPF, RIP, EIGRP, or BGP in a small business network with branch office VPNs and I'll give you a gold star.
That said, about DHCPv4:
http://www.debian-administration.org/article/Supplying_routing_information_using_DHCP [debian-adm...ration.org]
Defined in RFC3442.
Keep in mind we don't have professional router boxes, there's no room in our budget for a few thousand to drop on Cisco or anything more than a few cheap smoothwall boxes.
Again, this is what I see every time small business networking is involved. Ther
Re: (Score:2)
That was actually interesting, guess I should have googled it before making the snarky comment.
About that Cisco comment though, have you considered buying used? No support, but we have a few smaller clients that went this way and without the whole SmartNET support fees, Cisco gear can be had for fairly cheap. For example, you can get a 24 port 100MB switch for about $120 and a Cisco ASA for around $400, and it's going to be way more stable than any smoothwall box running on generic hardware. Cisco 871 route
Re: (Score:2)
Sorry for the double-reply, but thinking about your situation, wouldn't it be easier to add a static route on your default gateway (whatever it is) and have it route to the other subnets? Having lots of clients each with their own routing table seems like a fairly weird setup to me.
Re: (Score:2)
One of our smoothwall boxes is the VPN and does the routing to the branches via a T1, and the other is just DSL.
I realize we're scraping the bottom of the barrel here in terms of networking setups, but it seems odd to me that DHCPv6 lacks this functionality.
Re:Nice Try but... (Score:4, Insightful)
The real issue I think is, who wants an IP6-only Internet connection? NOBODY. Because despite everything, there are millions of applications and shit that won't work because they assume there's nothing but IPv4. You can pry my IPv4 address from my cold dead hands, being on IPv6 would be very close to being permanently behind NAT - you get out, nothing gets in. And if you're handing out an IPv4 address as well, you've gained nothing. I'm guessing someone at the bottom of some barrel somewhere ends up taking it anyway because that's all there is, but it won't be in the first world countries. That is the only way it'll really happen beyond nice bullet points on how we should all go IPv6.
Re:Nice Try but... (Score:5, Interesting)
I want an IPv6-only connection. I want one that works. Because then I can have a global IP address that's reachable, and then I can do peer-to-peer protocols. This is much better than IPv4, where mostly my devices are behind a NAT, and peer-to-peer requires clever device-specific hacks to punch holes in the NAT. This reduces reliability, and in a lot of cases makes simple protocols that ought to work fail. I can't do iChat video with my dad because he's on the far side of two layers of ISP-inflicted NATting. And no, he can't change providers - what they have now is orders of magnitude better than what they had before my mom and several other members of the selectboard in her small town organized a local wireless ISP using an antenna at the top of a local mountain. If they had IPv6 that worked, it would be *much* better.
The problem is that right now IPv6-only connections don't work, because not enough stuff on the network is reachable. That's changing, and this is part of the change. At the recent IETF, there was a v6-only network with a 6to4 NAT, and it worked pretty well, although it turned up a few bugs in a certain vendor's IPv6 stack.
Re: (Score:2)
The problem is that the IPV6 process was done wrong.
The idea from the beginning should have been that except for edge-routers and edge-gateways no machine should ever speak both IPv4 and IPv6.
The process should have gone like this:
Re: (Score:2)
Oh yeah, because that's totally not a messy workaround to a problem that shouldn't even exist in the first place, right?
Re: (Score:2)
Re: (Score:2)
The real issue I think is, who wants an IP6-only Internet connection?
If I could have an IPv6-only network with a SOCKS proxy or NAT-PT for v4 connectivity, I'd love it. IPv4 is such a pain to administer.
Re: (Score:2)
You know that every IPv4 address is by definition also an IPv6 address as in ::127.0.0.1?
Re: (Score:2)
You know that every IPv4 address is by definition also an IPv6 address as in ::127.0.0.1?
That's sort of true, but it doesn't really mean anything. You could use that format to store an IPv4 address locally in an IPv6 data structure, but if you try to put that on the wire, nothing will understand it in any useful way.
Re: (Score:2)
The real issue I think is, who wants an IP6-only Internet connection?
Who said anything about IPv6-only? You can run IPv6 and IPv4 concurrently just fine.
Re: (Score:2)
I worked for an ISP of sorts, for a student campus. Students got free internet (baked into their rent), but not everyone got white IP-addresses. Instead, clients were NAT:ed behind a smaller pool of white ip-addresses, and if you wanted your own white ip, you had to motivate it.
Almost everyone that asked got a white IP, some even got two, but the point was that for the people that didn't care, we saved over-allocating IP:s (we were subnetted and given a range of IP:s from the University).
IPv6 was of course
Re: (Score:2)
Can someone explain this?
Short answer: no.
Long answer: no, because it's a completely idiotic statement, as v6 addresses are, as you say, globally routable.
Re: (Score:3)
Re: (Score:2)
I don't think you're going to see IPv6 on the mobile networks any time soon - the telcos who are rolling out IMS networks tend to be using IPv4. Yes, it's stupid, they are spending millions of pounds replacing their obsolete SS7 networks with obsolete IPv4 networks, but that's where we are.
Re: (Score:3, Informative)
Comcast is doing an IPv6 trial right now [comcast6.net]. Freenet in France has had IPv6 running using 6RD for quite a long time now. You can get IPv6 tunnels from Hurricane Internet [he.net] and Sixxs [sixxs.net]. If you are interested in IPv6, go start using it. Don't just sit there on your (no doubt svelte) ass! :')
Re: (Score:3, Informative)
Indeed! After the recent 1.3 release of m0n0wall, which now supports v6, I rolled out v6 on my home network using Hurricane Electric as my tunnel broker. It was dead easy to set up and works extremely well (particularly when combined with a AAAA-capable free DNS hosting service like Afraid.org... goodbye dynamic DNS, it was great knowing ya). Though I did have to manually set up a script to update HE when my v4 IP changes...
Meanwhile, on the road, I just fire up Miredo (a Teredo tunnel client for Linux a
Re: (Score:2)
Stop blaming the ISPs. The current implementation of IPv6 is for all intents and purposes useless. An IPv6 capable computer cannot talk to an IPv4 capable one. This simple, trivial problem was left totally and utterly unaddressed by the IPv6 designers and as a result, IPv6 is and always will be a downgrade from IPv4 in its current form.
The current "method" of deploy
Re: (Score:2)
Lots of words but all I got out of it was "I like to complain about how stuff is too hard even though I've never even tried it". Running dual-stack is hardly something that's difficult to do, in fact every desktop OS I'm running right now (Ubuntu, Windows and OS X) implements it without a problem out of the box on my home network (NATed IPv4, public IPv6 (firewalled, of course)).
It's not hard and "utter nonsense" if you at least take ten minutes to read up on it.
Re: (Score:2)
You mean the "If the secondary DNS responds faster than the primary then prefer it" issue? Because this seems to be very similar to that bug except instead of primary vs. secondary DNS servers it's A vs. AAAA records. It at least seems the main problem in both cases is that mDNSResponder is trying to be "clever" and breaking stuff.
But for some reason IPv6 seems to work just fine for me so far (kame.net shows the IPv6 version, sixxs.net shows the IPv6 version and when SSHing to hosts on my network (all resol
Re: (Score:2)
Nice idea
But
1) When are ISPs going to get off their Fat backsides and implement IPV6? Most in my part of the world have no plans to do this for 1-2 years.
Mine already has [on.net]. I get Google and Youtube via IPv6.
2) When are the DSL Modem makers going to implement IPV6 in the devices that are sold to the majority of us?
Shame that it ain't going to get a lot of use outside the corporate world.
I'm running native ipv6 over ADSL PPPoE right now (sure, it's a cisco 877..). But there's an OpenWRT custom build [andy.id.au] that does the exact same thing if you have a modem to run in bridge mode. There seems to be an all-in-one router on the way: http://twitter.com/bigjsl/status/11082108182 [twitter.com]
The only problem I've had so far has been Windows 7 not liking newer versions of Cisco IOS - 12.4-24T and 15.0 both have some issue with route advertisement. Funnily enough, ther
Re: (Score:3, Informative)
But why is the PTR so damn verbose?
Delegation without a hack like RFC 2317.
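The point made in the reply above, as an added example that is not part of the original comment: ip6.arpa names carry one label per hex nibble, so any prefix on a 4-bit boundary is its own zone and can be delegated with plain NS records, while an IPv4 prefix longer than /24 has no matching zone cut and needs the CNAME indirection of RFC 2317. The function names are hypothetical and the prefixes are documentation ranges chosen for illustration.

```python
import ipaddress

def ptr_name(addr: str) -> str:
    """Full reverse-lookup owner name for one address."""
    return ipaddress.ip_address(addr).reverse_pointer

def reverse_zone(prefix: str):
    """Reverse zone that exactly covers `prefix`, or None when no zone cut
    lines up with it (labels are nibbles in ip6.arpa, octets in in-addr.arpa)."""
    net = ipaddress.ip_network(prefix, strict=True)
    bits_per_label = 4 if net.version == 6 else 8
    if net.prefixlen % bits_per_label:
        return None  # prefix ends in the middle of a label
    keep = net.prefixlen // bits_per_label
    total = net.max_prefixlen // bits_per_label
    labels = net.network_address.reverse_pointer.split(".")
    # labels = host-part labels first, then network-part labels, then the suffix
    return ".".join(labels[total - keep:])

def rfc2317_cnames(prefix: str):
    """(owner, target) CNAME pairs the parent /24 zone must carry so that an
    IPv4 prefix longer than /24 can be handed to another operator."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 applies to IPv4 prefixes longer than /24")
    parent = reverse_zone(str(net.supernet(new_prefix=24)))
    first = int(net.network_address) & 0xFF
    child = f"{first}/{net.prefixlen}.{parent}"  # e.g. 64/26.2.0.192.in-addr.arpa
    return [(f"{int(h) & 0xFF}.{parent}", f"{int(h) & 0xFF}.{child}")
            for h in net.hosts()]

if __name__ == "__main__":
    # Constructed inputs: 2001:db8::/32 and 192.0.2.0/24 are documentation ranges.
    print(ptr_name("2001:db8::1"))             # 32 nibble labels + ip6.arpa
    print(reverse_zone("2001:db8:1234::/48"))  # delegable with plain NS records
    print(reverse_zone("192.0.2.64/26"))       # None: no zone cut fits a /26
    for owner, target in rfc2317_cnames("192.0.2.64/26")[:3]:
        print(f"{owner}. CNAME {target}.")
```
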