Comcast Activates IPv6 Trial Users 214
Spacecase writes "Comcast announced the first group of trial users have been activated on their IPv6 Native Dual Stack solution. Considering the recent news about IPv4 addresses becoming scarce, this looks to be one of the better solutions to get out of the IPv4 problems."
NT (Score:3)
It's actually the only solution.
Re: (Score:3)
Did you leave out an "A" in the middle of that?
Re: (Score:2)
Your assuming a false dichotomy between choosing dual stack IPv6 or choosing nothing at all.
Embedding IPv4 within the IPv6 address space and allowing for a smooth transition was another option. As a society, we have chosen not to take that option. We have chosen uncertainty, confusion, and NAT instead.
Re: (Score:2)
IPv4 is embedded in the IPv6 address space. What would you have done differently and how would that have made the transition smoother?
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
No clue what that means. I run it across my company. Including 6to4 on the internet heads.
Re: (Score:2)
enterprise has been doing IPv6 for years. what's your point?
Comcast really? (Score:3)
Re:Comcast really? (Score:5, Informative)
I have been a comcast customer for 8 straight years now (give or take a few months)
Had the announcement broken 3 years ago, I would have agreed with you, but Comcast is on a long, upward trend in technical competitiveness.
They were the first major ISP to go DNSSEC, I believe, and have done DOCSIS 3.0 rollouts in most of their markets (we get cheap 20/4 service here, with a 50 down option available. Some parts of the service area have 100mbps down.) They also rolled out a bunch of 6to4 servers recently. While 6to4 is not a great technology, it is useful to have ISP servers, since my IPv6 traffic (auto tunneled via an Airport Extreme) goes through my local NOC and not first to wisconsin and then back to silicon valley as was the case before.
They still lag when it comes to technical support via phone, as they assume all of their customers are techno-illiterate, but I have to give them a lot of credit for being on the leading edge when it comes to their network and network technologies.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Interesting)
Re: (Score:3)
They seem like two different operations. The behind the scenes people seem to be good, but their phone support people seem to be entirely clueless and trained to lie as a matter of policy. If they really want to be more profitable, they should try actually performing diagnostics before dispatching someone for inside support when the problem usually turns out to be on the lines outside (which requires a second dispatch to solve, the inside techs aren't equipped for it).
Re:Comcast really? (Score:5, Insightful)
Comcast has a slightly unusual situation. They are so massive that their "control plane" network has exhausted 10.0.0.0/8. That means afaict they are now using public IPs not just for customers but for internal use as well. The space that most ISPs would use to put their customers on ISP level NAT is ALREADY TAKEN for their "control plane" network.
http://www.nanog.org/meetings/nanog37/presentations/alain-durand.pdf [nanog.org]
Given that they have little choice but to go IPv6 for thier internal networks (or "federate" the network but that is a large management headache) before IPV4 addresses run out it is not that surprising that they are proposing to offer it to customers as well.
Where are the routers for IPV6? does comcast mac l (Score:2)
Where are the routers for IPV6? does comcast still mac address lock there modems to one mac? or under IPv6 is there network now setup that you just need a switch and only a router if you need wifi?
Re: (Score:2)
how long ago did you use comcast? this restriction went away longer ago then i can remember. Plug new computer into cable modem and reboot, your done.
Re: (Score:2)
Re: (Score:2)
uh,. no. that's not true.
You have to wait, last i checked, 2-3 minutes for the remote end to forget your old mac address. then you plug the cable back in.
I've had to do this, when swapping from a laptop (for the comcarse support or installation tech), and then as soon as they're gone/done, i turn off the modem, plug it into my linux gateway, and wait a few minutes. then turn the modem back on, and the linux gateway gets an IP immediately.
Re: (Score:2)
"data" isn't the plural of "anecdote", but where I am in the chicago area, that isn't an issue. Before my roommate and I got our router (both of us thought the other was bringing one, then we had to order one off the internet), we swapped out without an issue.
Apple base stations, some D-Links, some Linksys (Score:3)
http://en.wikipedia.org/wiki/6to4#Consumer_routers_with_6to4_support [wikipedia.org]
http://www.comcast6.net/ [comcast6.net]
Apple's base stations are certified IPv6 ready, which means not only do they work with IPv6, but they have it on by default. The others might require you turn it on. Instructions on how to set up some of them are on Comcast's site.
I've had Comcast internet for two years, they haven't MAC-locked their service in the time I've had them. If you want more than one device at your house to work, you need a NAT/PAT gateway
Re: (Score:2)
but under ipv6 they give more then 1 ip.
Re: (Score:2)
Far far more than 1. It's more or less like having an internet's worth of IPv4 addresses for every IPv4 address
Re: (Score:2)
Each user gets 18 quintillion addresses? (Score:2)
Each user has been delegated a /64 block of approximately 18,446,744,073,709,551,616 (18 quintillion) unique IPv6 addresses.
That seems a little silly. I thought end users were going to be assigned /48s with IPv6?
Re: (Score:3)
Well, folks have thought better of this and decided that they had to plan for the day where we develop nanotech medicine, and have an IP address available for each cell-nanotech pair for an entire family, plus enough overhead to give the same for each pet.
Re: (Score:2)
The smallest subnet normally designated in IPv6 is a /64. When you use automatic addressing based on MAC addresses, then you need a 64-bit host address. Assigning each household (at least) a /64 allows everything to work automatically.
Re: (Score:2)
Ah I see, so really only 2^64 unique addresses are routable within that framework.
Re: (Score:2)
No, all are routable.
Re: (Score:2)
Perhaps I should rephrase, yes all are routable, but since the way the protocol is going to work will see every end user getting at least a /64, doesn't that effectively cut the allocatable address space in half?
Re: (Score:2)
Every subnet gets at least a /64. That does lead to a lot of unused addresses, sure, but it doesn't mean that there are only 2^64 addresses either.
By the way, going from 2^128 to 2^64 isn't cutting in half; it's taking the square root.
Re: (Score:2)
Depends on the site. You will get a /64 and may only use it for four machines. If everyone did this, then that would mean that, in practice, you only had 2^66 addresses. On the other hand, a university will also get a /64 and may put tens of thousands of machines on it.
A large part of the point is that it allows edge networks to grow without anyone else caring. With IPv4, lots of sites got a /24, thinking that 256 computers was a huge number. Then they grew a bit, and needed another /24. This happe
Re: (Score:2)
A
Re: (Score:2)
A /48 is actually 65536 times bigger than a /64 (2^(64-48)), but it's still reasonable to give home users that much. Only 4 subnets is extraordinarily restrictive. Think many (actually probably not that many) years down the line when you have subnets per room and such. I'd want my kitchen to be on a different subnet than my garage, for instance.
Re: (Score:2)
Re: (Score:2)
Assigning a /48 for end users is still the recommended thing to do. Some ultra-conservative types are planning on /56 instead. I expect ISPs assigning /64s to go out of business (maybe that's hope).
Re: (Score:2)
I want a /64, so that SLAAC works. Ideally, a /60-/62-sized block, so I can subnet once or twice and still do SLAAC.
Re: (Score:2)
It is really silly. They should have at least given each user 4,722,366,482,869,645,213,696 addresses, 18 quintillion is being way too stingy.
Only half joking, I kind of wanted at least some headroom to segment my home network if I chose. Even a /62 would have been nice.
Re: (Score:2)
In other words, if you want to subnet your home network, you have to hope everything you care about supports DHCPv6 as opposed to RA. Since DHCPv6 got standardized pretty late, cuts down on the compatibility tremendously.
Re: (Score:2)
I don't understand this, how can you not be able to create subnets out of a whole 64-bit address space? Is this some fault or oversight in the IPv6 standard?
Re: (Score:2)
You're right, my bad. I was thinking of something else. /48s were for site assignments from ARIN.
https://www.arin.net/resources/request/ipv6_initial_assign.html [arin.net]
Still a /64 seems absurdly large for one end user.
Re: (Score:2)
> Still a /64 seems absurdly large for one end user.
After all, there are only 18 quintillion /64s. Wouldn't want to waste any.
Re: (Score:3)
MAC addresses are 64-bit. By handing out a /64 prefix to the user, a bit of convenience can be achieved wherein the MAC address of the adapter is automatically used as the last 64-bits of the user's IPv6 address.
Re: (Score:3)
I had a bit of a brain fart there. MAC addresses are obviously 48-bit. Nonetheless, the same magic can happen with 64-bit prefixes, though you could obviously get better utilization with a larger prefix.
Re: (Score:2, Informative)
The interface identifier part (lower part of /64) can be anything, but you can use a MAC by inserting FEFF into the middle of it, like so:
(Your network prefix):4:8:15:FE:FF:16:23:42
This is known as EUI-64 MAC and is not required by the protocol - under Stateless Address Autoconfig, hosts pick their own address, and under DHCPv6 they're assigned sequentially. Using the EUI-64 is a lazy convention which we really shouldn't do anyway (it's basically putting hardware fingerprints on your packets).
Re: (Score:3)
/64 is RFC recommended because IPv6 Autoconfiguration uses your NIC MAC address to generate IPv6 address for itself. The length of /64 is same as MAC address. That's why they are doing it.
IPv6 was designed to have large amount of waste built in. When you have 3.4x10^38, you can afford to be a little wasteful.
Re: (Score:2)
1. your can allow privacy on your network (eg. different IP address for each request, so sites can't track *you* reliably, etc.)
That's just silly. At the IP layer, they lose no granularity over today (they can tell basically what house it came from from the leading 64 bits and either interpret the last bits as finer grained data or discard as noise. All this is moot as sites track *you* reliably via use of higher-layer features like authenticated sessions and/or HTTP cookies that persist regardless of originating IP.
2. no need to run DHCP - each computer can make a unique address automatically
True, but of little practical consequence for most of the world. Most of the world lived in the default private net
Famous Last Words (Score:5, Funny)
Each user has been delegated a /64 block of approximately 18,446,744,073,709,551,616 (18 quintillion) unique IPv6 addresses.
"18 quintillion unique IPv6 addresses should be enough for anybody." -me
Re: (Score:2)
Unfortunately it isn't, afaict the only widely supported autoconfiguration system for IPv6 is stateless autoconfiguration and that by design depends on a /64 subnet mask.
This makes life dificult if you want to run more than one subnet but your ISP will only give you a /64. ARP proxying may be a soloution but is likely to be quite painful to set up. Afaict the linux kernel guys are refusing to implement v6 nat on principle which rules out that option for those of us who use linux boxes for routing.
Re: (Score:3)
Actually, this is not enough. IPv6 always uses /64 subnets. The standard policies suggest that an ISP should allocate a block of /48 to /56 to each end user. This means that every end user can have 256 to 65,536 /64 subnets. Furthermore, the standard policies say that /19 to /32 should be allocated to each ISP.
I agree that it sounds wasteful, but it should be possible without problems.
Assume an allocation of /48 to each end user (actual numbers: /48 to /64). This means every end user can run 65,536 networ
Re: (Score:2)
Everyone gets 18quintillion addresses.... sounds like a plan to run the world out of IP's and start designing IPv7 ASAP!
Not really, with 18 quintillion allocations of that size, assuming 7 billion people, everyone can have 2.5 billion addresses.
That should last for a while.
Re: (Score:2)
Everyone gets 18quintillion addresses.... sounds like a plan to run the world out of IP's and start designing IPv7 ASAP!
Yes because we all saw how well "protocol version 7' worked out in Serial Experiments Lain :)
Re: (Score:2)
we all saw how well "protocol version 7' worked out in Serial Experiments Lain
Actually, I suspect that you'll find that most of us did not...
Good (Score:3)
The point of this is to uncover any issues with customer equipment that prevents it. Any modern Vista or Windows 7 box by default has IPv6 enabled, and it works just fine. I know. I use it on all of my company's machines. Any devices that isn't aware of IPv6 will just ignore it. I'm expecting some poor IPv6 translation technologies on cheap routers that break with real IPv6 presence. That's kind of the only downside I can imagine.
Customers behind an existing IPv4-only NAT device won't even be touched.
Re: (Score:2)
Some software, namely DirectPlay-powered games, semi-implement IPv6; enough to detect the IP and know it exists, but not enough to actually use it properly. More often than not, that means you'll have the game trying to connect through the IPv6 stack despite being unable to do so instead of just sticking to IPv4 where available and not doing anything where not.
I'm sure this isn't an isolated case. Chances are IPv6 is sufficiently similar to IPv4 for some sloppier implementations to understand half of it, en
Re: (Score:2)
Expect corporate networks that have to suffer such shit as Macromedia's flexlm to be on IPv4 for about another decade to allow floating software licences to work unless a competitor emerges. The obvious solutions such as running on virtual machines etc are all against the licence
They also support 6RD and 6to4 (Score:2)
6to4 should "just work", but 6to4 itself has some known issues with some kinds of routing (the IPv6 prefix doesn't have a routable prefix, so not everyone you can see can see you).
Their 6RD servers are few and far between, and that gives bad performance, but it work correctly. You just need to configure your connection properly for 6RD to their 6RD border router.
Windows or Mac OSX
Re: (Score:2)
The 6to4 prefix is routable, isn't it? I can connect to any IPv6 native stuff I've tried with it. Thought the real problem was if your packets got grabbed by something that advertised a route for it, but didn't do it properly.
Re: (Score:2)
Re: (Score:2)
If you have a home router, it probably doesn't support IPv6, but you might be able to use DD-WRT (www.dd-wrt.org) or other replacement firmware that does. I do this, and it works fine
FYI the Apple Airport Extreme and Express have supported IPv6 for quite a while now. Basically if your Airport router is square, it can handle IPv6. The older ones shaped like a Hershey's kiss do not.
I've got both types of Extreme in use at home right now - the older single band square Extreme providing 5GHz 802.11n, and the "kiss" router for some older devices that can only handle 802.11b/g. All I had to do (as a Comcast customer) was put it in "tunnel" (6to4) mode, and it was able to autoconfigure without
Re: (Score:2)
It has less functionality in this regard than the firmware that came with the router (a Linksys WRT610N). At least that automatically configured 6to4, even if it still didn't have any GUI options.
Re: (Score:2)
DsLite is also being tested by Comcast... Ugh. (Score:2)
So they are also testing DsLite, a system where the home user only gets an IPv6 prefix, and no IPv4 address. This connects to a NAT64 router that allows you to get at IPv4 sites, by translating your IPv6 address into an IPv4 address.
NAT64 is an ugly solution, but ARIN will run out of IPv4 blocks to give Comc
Re: (Score:2)
NAT64 (as commonly presented as an ISP level-solution[1]) is idiotic because of the DNS abuse it uses (DNS64).
DsLite seems far preferable to me based only on that consideration. DsLite is also what pretty much everybody has been expecting the whole time. Assign users routable IPv6 prefixes, and throw their IPv4 addresses behind "carrier-grade" NAT. Most users will not even notice the "carrier-grade" NAT. Those that do can pay more for the routable IPv4 addresses free up by gradually transitioning most users
Re: (Score:2)
I don't know about that. Qwest has yet to even offer an open beta for that yet. And while I see references to them doing it, I can't help but think that they'll wait to provide it with their fiber, which is to say only when Google or the city decides to bring fiber in to compete with them and starts actually laying fiber.
IPv6 Inertia (Score:2)
This is ridiculous (Score:3, Interesting)
"Each user has been delegated a /64 block of approximately 18,446,744,073,709,551,616 (18 quintillion) unique IPv6 addresses. "
So, effectively, they just shortened an IPv6 address to 64 bit - and allocation haven't even started yet in earnest. /64 to an individual user, /32 to a corporation, /12 to interplanetary internet or whatever other cooky idea there is - these addresses will run out in a jiffy. And then we'll be trading in these and IPv4 just the same.
This is the problem with people. Even technical people (and moreover - everyone else) will waste any resource (including artificial resource) until there is scarcity regulated by monetary means. If that's the way IPv6 will be assigned -
Re:This is ridiculous (Score:5, Informative)
Give rfc3177 [ietf.org] a read, especially section 4. That RFC is obsolete now, but the math hasn't changed.
These numbers are ridiculously huge, and it is intended in the design that subnets would normally be sized at /64. Thinking of that as 18 quintillion addresses is thinking like IPv4. IPv6 is different, and you think in terms of subnets. There are also (since an address is 128 bits) 18 quintillion /64 networks. If we give each person on the planet 65536 /64s (that's a /48) then we have enough for 5000 times the current world population in the current pool of addresses, which is 1/8th the full IPv6 address space. If you use the whole space, then it's 40,200 times the world population.
Re: (Score:2)
This wasn't done by Comcast, but the IPv6 architects. This is pretty much the consequence of having a fixed-size address space... people will mismanage it partly because of the way we think... we are mentally programmed to hoard.
It's the class A/B/C problem all over again.
Re: (Score:2)
From Larger address space [wikipedia.org]
The most important feature of IPv6 is a much larger address space than in IPv4. The size of IPv6 addresses is 128 bits, compared to 32 bits in IPv4. The address space therefore supports 2^128 or approximately 3.4×10^38
addresses. By comparison, this amounts to approximately 5×10^28 addresses for each of the 6.8 billion people alive in 2010.
It's not going to be exhausted anytime soon, and the shear number of devices that you'd need to exhaust that would be completely unimaginable. And not in the sense that we failed to imagine how many devices would be connected, but that would be more than every singe possession that everybody owns having multiple addresses whether or not they contain any circuitry.
Re: (Score:2)
IPv6 works. Subnets cannot run out of addresses in any foreseeable future. Business will get a
All of the IPv6 problems are in the transition.
Re: (Score:2)
Assigning /64 spaces to users is by design. IPv6 is a 128 bit address space. The first 64 bits are used for the globally routable address space, the last 64 bits are created by the hosts. The simple implementation is the ISP gives you a single routable 64-bit address, and then you stick your MAC address (on more strictly, the link-layer address) in as the last 64 bits - and bingo, you have a unique routable 128-bit IPv6 address per machine. If you want privacy, you just randomly generate the last 64-bits, w
Re: (Score:2)
This is how IPv6 is designed to work, the smallest allocation given to a user is a /64 to allow stateless autoconfiguration. It's why the address is 128 bits in the first place.
The 64 bits left for the network is still incredibly huge. You may be falling for the (intuitive) fallacy that 64 bits is just twice as big as 32 bits, but it's not. 64 bit subnets mean there are 2^32 *times as many* subnets than there are entire addresses in the whole of IPv4, that's to say, you can have *4 billion* networks the siz
Slightly unrelated (Score:2)
Is there software that can NAT IPv6? Clearly anything's possible in theory - but are there existing solutions.
I'd like all my devices to appear as a single IP address to the outside world, as they do now - to maintain uncertainty.
My Google mojo does not help - any mention of IPv6 in connection with nat that I am finding, is something about ipv4 nat or tunneling.
Ideally, it'd be nice to have that built into dd-wrt
Re: (Score:2)
To maintain uncertainty you want to go from 18 quintillion possibilities to only 65535?
Are you high?
Look at what Windows Vista and 7 as well as other OS's are doing with temporary IPv6 addresses.
Re: (Score:2, Interesting)
I want to go to a *single* IP address that represents all systems on my network. Same thing I am doing today with IPv4. I don't like people outside to be able to enumerate devices on my network - and using a single address is a first step (tweaking IP stacks to change signature and replacing browser agent string helps too).
I kinda expected that instead of "this is how you do this" (which is what freedom of choice of technology should be about) I am going to get the usual ideologically painted answers about
Re: (Score:2)
You can do NAT on an IPv6 connection the same way you are doing NAT on IPv4. Also, instead of using NAT to protect resources you should be using a border firewall that has the same rules for IPv6 as you have for your IPv4. That way from the outside even if they scan one of your IP addresses it still has the proper ports closed.
Assign internal IPv6 addresses to your network, and then NAT on those. Simple.
Whatever gateway you have that is doing route advertisements for IPv6 is still the primary location for f
Re: (Score:2)
I want to go to a *single* IP address that represents all systems on my network. Same thing I am doing today with IPv4. I don't like people outside to be able to enumerate devices on my network - and using a single address is a first step (tweaking IP stacks to change signature and replacing browser agent string helps too).
It is possible today to recover the users internal IP address on their private IPv4 network using flash / javascript when they visit a web site.
NAT == stateful firewall without packet mangling.
Effectivly anyone who wants it gets the same information and capabilities from your users regardless of IPv4 NAT vs IPv6 firewall.
Re: (Score:3)
As per request I'll refrain from saying "that's not what you need" but still. They wont be able to "enumerate" if you have a firewall, you don't need NAT to block incoming ports. I prepared these diagrams and post links whenever this is discussed on slashdot:
IPv4 NAT : http://cyclomedia.co.uk/blog/media/nat.png [cyclomedia.co.uk]
IPv6 Firewall : http://cyclomedia.co.uk/blog/media/ipv6.png [cyclomedia.co.uk]
Note the devices in the house that don't have any incoming ports. Not even ping? Note how it's the same in both diagrams? Do you get it yet?
Re: (Score:2)
Now people are using ipV6 (Score:2)
Re: (Score:2)
Comcast: "Well, if you insist..."
Re: (Score:2)
The transition technologies are in place so that it can work.
Re: (Score:3)
They probably want customers to use native ipv6 so they can eventually stop supporting native ipv4. I believe they are planning to let people run ipv6 exclusively and proxy outbound ipv4 connections which seems like a better long term strategy. I don't think that giving customers a new modem and router will complicate the rollout too much.
Re:cost? (Score:2)
Re: (Score:2)
They gave me a SMC8014 for a business drop, and nothing in the manual suggests ipv6 capabilities. That was only 2 years ago.
Re: (Score:2)
They need to for DOCSIS 3 (at least on the modem side) anyways. DOCSIS 3 supports IPv6, so after that roll out is over with the main problem is the router from the customer end.
Re:why? (Score:4, Informative)
Uhh, the entire reason they're moving to IPv6 is because IPv4 internally no longer works for them. They've exhausted 10.0.0.0 (it's only 16M IPs, after all), so moving to v6 is the only way they can keep their network manageable, without going to crazy, multi-layered NAT solutions.
Re: (Score:2)
wrong, they have been using public address space for the mgt of cable modems. Recently they have been moving the mgt to IPv6 too.
Re: (Score:3)
I don't know about Comcast for sure, but some of the cell phone companies, at the very least, have multiple private blocks each.
Re: (Score:2)
Why in the world would they want to proxy v6?
I can see where they might want to tunnel v6 over v4 as a transition measure (and they are. I'm using their 6rd tunnel endpoint now).
Re: (Score:3)
I should also mention that running IPv4 over IPv6 is kind of weird, and presents more problems than a proper dual stack.
Re: (Score:2)
Actually, NAT64 (where you make IPv4 servers out on the network look like IPv6 machines to devices on your network) works quite well, and isn't weird at all. It's arguably a better solution that dual stack.
Re: (Score:2)
maybe you're not as much of a geek as you think you are?
Re: (Score:2)
Sorry, at a loss. comcast should just keep ipv4 internal and proxy ipv6 externally. Don't understand the reason to complicate its implementation any more. Other than let us geeks suffer the consequences
When IPv4 addresses are no longer available(Coming within just months to a RIR near you! IANA global pool already gone!!) how do you propose to use IPv4 internally when the necessary IPv4 address space simply does not exist?
I can see an ISP following your advice right up until they need to fill out a new SWIP request for address space that does not exist. RIR: sorry dude.. ISP to customer: sorry dude... customer: @*(@#**!
When IPv4 runs out the only avenue for not switching to IPv6 for new users is CGN... g
Re:In related news... (Score:4, Insightful)
Big heavy winter storms can do that, yes.
Re: (Score:3)
Afaict the original idea with ipv6 was to go from public v4-->ubuiquitous dual stack with public v4-->phaseout of public v4.
However there is a chicken and egg situation, ISPs won't want to put users on v6 only until the majority of websites are available on v6 and a substatial proportion of website owners won't see any point in offering v6 while all their clients can still access v4. Especially as a lot of people who do have v6 have it via tunnels that add latency and reduce reliability. The result is
Re: (Score:2)
Re: (Score:2)
It's pretty unlikely that they will do that. The software maintenance hassles of what you're describing are far worse than getting people to upgrade their hardware. This will generate a lot of trash, unfortunately.