If You Think You Can Ignore IPv6, Think Again 551
wiredmikey writes "Now that the last IPv4 address blocks have been allocated, it's expected to take several months for regional registries to consume all of their remaining regional IPv4 address pool. The IPv6 Forum, a group with the mission to educate and promote the new protocol, says that enabling IPv6 in all ICT environments is not the endgame, but is now a critical requirement for continuity in all Internet business and services. Experts believe that the move to IPv6 should be a board-level risk management concern, equivalent to the Y2K problem or Sarbanes-Oxley compliance. During the late 1990s, technology companies worldwide scoured their source code for places where critical algorithms assumed a two-digit date. This seemingly trivial software development issue was of global concern, so many companies made Y2K compliance a strategic initiative. The transition to IPv6 is of similar importance. If you think you can ignore IPv6, think again."
ISP (Score:5, Insightful)
Re:ISP (Score:4, Insightful)
Or you could get ready now, so when they flip the switch you're good to go.
Re:ISP (Score:5, Interesting)
Too much could change between now and then (then probably being in about a decade or so).
I'm with OP, when my ISP gives me one.. i'll deal with it.
Re: (Score:2)
As I type this in a Starbucks on an AT&T wifi node, DHCP issues both a v4 AND a v6 address.. I've tried to connect to some of the test places via v6, but as of this moment, no joy.. Now if I could just get my home isp to make the jump (Cox)....
Re: (Score:3)
Even if the cable companies switchover...will it make any difference to the general home user..their cable modem gets the Ipv6 connection, likely goes to a wireless rounter ipv6...but with everything already NAT'ed...people's stuff on internal networks won't really need to change anything....will they?
Re:ISP (Score:4, Interesting)
wow..just..wow. You really don't know the criticality of this or the momentum moving through ISPs, do you?
Decade my ass.
It sure doesn't seem all that critical if you go by their actions.
Most haven't even started moving to ipv6, and those who have are doing so rather methodically.
Most of them appear to have all the address space they need at the moment, and are heavily nat-ed on their internal networks. Most customers don't care, because they don't need inbound connections.
Most cable/DSL providers still have not even started rolling out modem replacements (mine can't handle ipv6 per the spec sheet).
If you ask them questions about their modems like... ... You get nothing but blank stares.
Do they plan firmware upgrades, or total replacements of the modems?
Will I be limited to a small number of world route-able ip6 addresses? (and therefore still need nat)
Will they handle 6-to-4 in the modem?
etc
etc
Panic hasn't set in. Static IP prices haven't started to rise. Nobody other than Comcast even want's to discuss the issue.
Re: (Score:3, Insightful)
Yeh, it's comments like this that have caused the problem we're in. Lack of preparedness is going to cause massive problems with the switch over. Just today I asked what I can do to prepare for this with my ISP. They were quite helpful and asked if I would like to be converted today (in fact, they encouraged I do). I'm spending a bit of time doing some testing at home to ensure that my IPv6 network functions the way I want it to before being converted and to ensure that I understand all of the ins and outs.
You can't "flip the switch" for decades (Score:5, Insightful)
The choice is between IPv4 single-stack or IPv4/IPv6 dual-stack. Given those as the only choices, people are choosing the former instead of the latter. There is no possibility of running IPv6 single-stack. IPv6 will essentially become the new "private IP addresses" that have to translate to "public" IPv4 addresses used by 99% of the IP devices in the world. The only difference is that IPv6 devices will be able to talk to each other without a NAT across organizations.
Re: (Score:3)
Re: (Score:3)
You make IPv6 support a requirement for new equipment and software.
It's not quite yet the time to retrofit IPv6 everywhere, but it is definitely time to build support into your new development requirements.
Just like y2k, if you coded software that used 2 digit date fields in 1995, you had only yourself to blame for needing to rush around in 1999.
Re:ISP (Score:5, Funny)
And just like in y2k, after we get IPv6 everywhere and nothing blows up, we'll be blamed for running a con job just like in y2k. "Sheesh, nothing happened, and we spent all that money on getting you to fix a non-problem!"
I say, let's let it blow up this time.
Re: (Score:3)
Get a free tunnel from SixXS or Hurricane Electric.
Re:ISP (Score:5, Funny)
ISPs won't support it until customers demand it. This requires government action: use stimulus money to make free porno available to all over IPv6 only. And not just any porno: the kinkiest, highest-resolution, full-length nastiness the Feds can commission.
Your U-Verse box will have a v6 address within a week.
Re:ISP (Score:4, Informative)
Have you ever plumbed the depths of usenet? Or /b/?
I don't think having people gouging out their eyes with grapefruit spoons is the best way to handle this.
Re:ISP (Score:4, Interesting)
It's been done: http://www.ipv6experiment.com/ (NSFW). Didn't work, unfortunately.
My captcha: "banged"
Re: (Score:2)
Yea, I'm waiting for my ISP to offer it too, so I can start experimenting with it. I won't use any of the tunneling services because I have a fast connection, so routing the packets trough a longer path than necessary (and this is what would hapen if my Pc decided to use IPv6 instead of v4 to connect to a server that supports both) will reduce my bandwidth, also, I doubt that any of those tunneling services would offer me 80mbps up/down for free.
Also, my ISP said that they will not be taking the public v4 a
Re: (Score:3, Insightful)
Re: (Score:3)
Re:ISP (Score:4, Informative)
Most ISPs are doing /56 or /48 for residential (Score:4, Interesting)
There are some ISPs that are starting off with just a single /64 (e.g. Comcast's trial), because they've got some equipment or management software that's not bright enough to handle more complex routing than that, but the general consensus is that businesses should get /48 and residences should get at least /56. That not only allows for a couple of subnets (e.g. wired, wireless, uplink, DMZ), but it also lets you use relatively dumb routers that handle subnets by cutting their address space in 2-4 pieces, and you can stack a couple of those.
I have heard of one ISP that's only allocating a /60 for residences, but IPv6 has enough address space that most people think it's worthwhile wasting some of it to get addresses aligned on byte boundaries and not mess with nibble-aligned, much less single-bit-aligned.
Re: (Score:3)
I must admit, when I first heard about the idea to give /56 or /48 to everyone, it seemed ridiculous. I suspect most people don't have more than one subnet - but since there are about 8 million times as many /56s as there are people on Earth, maybe giving a /56 to everyone isn't so daft after all.
IIRC, the IPv6 policy is that unicast is only 2000::/3 for now - if we fill that, the allocation policy will be reassessed to be less generous. Hopefully they've been clear enough that other addresses are *not* in
Re: (Score:3)
They need to assign a /64 anyway, so the only way to limit it would be to block the other IPs in their firewalls and keep such lists updated. Too much effort.
Re: (Score:3)
Re: (Score:3)
Not to mention the ISPs would very quickly exhaust their supply if IP addresses if customers weren't allowed to use NAT. It's the only reason we've lasted this long.
Re: (Score:3)
So the only ones paying the price will be the bold early adopters, the ones who take the cataclysmic tone of editors like this article's seriously.
Thanks, but no thanks. I'll turn on IPv6 as default protocol when every single route to every single address I use more than once a month is full-path IPv6, no tunneling, no NAT, and my service provider doesn't see each v6 addressed issued as a new cash cow^w^wsubscriber charge.
Th
Why would you want to do those broken things? (Score:4, Informative)
Look, you're getting a subnet that's big enough for just about anything you can imagine doing at home, not just the things you can actually figure out how to do. If you're like to split your /56 into 256 different subnets and do different things on them, go ahead. You can do that without breaking the end-to-end principle.
NAT breaks stuff right and left today, for two main reasons
- lots of protocols, including FTP and newer protocols, put the IP address inside the data packets, not just in the packet headers, and doing NAT properly requires ripping the packets apart, changing the addresses, and fixing up any checksums that got damaged in the process. It's even worse if you've got protocols that use crypto, either for information hiding or just simply for authentication. It's very hard to get them right, especially if people design protocols the firewall doesn't know about.
- stateful NAT makes it hard to establish connections through the firewall. Sometimes this is intentional, blocking unwanted connections for security reasons, but if two people behind NAT want to communicate, neither one can talk until the other one has talked to them first. There are products like Skype that are popular because they go to a lot of trouble to work around the different broken NAT implementations out there.
Putting a firewall box in front of your computers isn't a bad thing - you just need one that's IPv6-aware instead of IPv4-only. You're not getting the security from NAT, you're getting security from having a stateful packet inspection box in front of your computer, and that's not going to change. If you want to offload packet inspection from your 2GHz CPU down to your 200 MHz SOC-based firewall, go ahead; about a quarter century ago, Van Jacobson figured out how to tune the BSD TCP/IP stack so you could do wire-speed file transfer on 10 Mbps Ethernets using a Sun 3/60, so you should have plenty of spare CPU horsepower left to inspect your packets.
There's no particularly good reason for your computer to look like a single computer to anybody outside your network, and simple address-munging isn't enough to solve the problem. My laptop has different addresses depending on where it's plugged in, home, work, coffeeshop, etc., and the address isn't enough to tell them anything definite. When I'm at work, I occasionally have trouble reaching sites because many other users behind my corporate firewall are accessing them at the same time, so they want me to do a CAPTCHA to verify I'm not a bot abusing their system. However, if anybody does want to track your address, with IPv 6 they'll probably do it by tracking your /56 or /48. Also, there's the IPv6 address privacy mode, which lets your computer use a different host-part address on every connection, so it's not using the same MAC address every time.
Re: (Score:3)
But a lot of protocols in use today (peer-to-peer filesharing, VOIP, VPN, etc.) have had horrible kludges built into them to ensure that they can break through NAT and still work.
Breaking trough NAT without port forwarding - sure. The only reason why the protocol might not work with NAT with port forwarding is if it for some reason does not trust the header of the packet and adds a copy of the IP address in the data section (like ftp does).
So make your router (or other box) explicitly do port forwarding and/or load-balancing; it's effectively what you're using NAT for here and would likely be more flexible.
So, I can make a packet destined to 1::2 port 80 (hmm, with IPv4 I can write 1.2.3.4:80, is some other symbol used for marking the port number? 1::2:3:4:80 could be confusing?) actually go to 1::3 port 80? Great - it means I can still publish only
Re: (Score:3)
That's not the only reason. IPsec, for instance, has to be wrapped inside UDP (called IPsec NAT-T) to break through NATs since IPsec was designed to be run directly on top of IP, where there is no concept of ports to forward! Any attempt to go beyond TCP and UDP runs horribly afoul of NATs.
Or I can forward whatever protocol number to my VPN server. The fact that NAT is possible does not mean that I have to limit yourself to one external IP. If I have two VPN servers I can use two external IPs for them.
Simple inbound port forwarding doesn't need to be implemented as some fancy stack-level kernel feature like NAT; you just need a process listening on a port that, upon accepting, makes a connection to another IP and port and copies the data in both directions.
Which means that the server will see a lot of connections coming from the router (or whatever does the port forwarding) and will not see the actual IPs of the clients. Which makes this less useful than NAT.
It's likely a fair amount of NAT-like behavior will be written for IPv6 to support implementing transparent proxies, which do have to happen at the stack level.
Oh yea, I forgot transparent proxies. Thanks for reminding me :)
I just want the amount of NATted traffic on the Internet at large to be on the opposite end of the bell curve than it is now, since with IPv6 it will be unnecessary to "share an Internet connection" in the same way as IPv4.
What I understand is that
Re: (Score:3)
IPsec AH headers protect the integrity of the source and destination IP addresses (by design), so if those are modified in any way by NAT things will break.
Now that i went and read about it in Wikipedia, it seems we were both right - IPSec Transport mode does not support NAT (and needs NAT-T), while Tunnel mode (which is used for VPNs) supports NAT.
Anyway, you are clearly okay with NAT's limitations.
The only limitations of NAT that I see are those that stem from the fact that I only have one external IP (so I absolutely have to use NAT for everything). If that limit is lifted, NAT would have no problems, or rather, if you do not like it, you would not have to use it. Why would it be bad for you if I use it to m
Re: (Score:3)
Some servers track your IP when you log in. If your IP changes you might have to log in again. What if I want to be logged in from two computers?
Also, if I, say, have two servers that provide similar, but different services, I might want to make them appear as a single server that has a single DNS name. connecting to example.com at port 80 (http) would connect you to one server, but connecting to port 21 (ftp) would connect you to another server and there would be no need for www.example.com and ftp.example
Re:ISP (Score:5, Informative)
I'd rather have NAT for v6 too
Why?
There are always so many people saying they want NAT, but if addresses are plentiful then it serves absolutely no purpose. I think that most people who see it as necessary are confusing its function with a firewall. You do not need NAT to do the same things your home router does today. You can still block all incoming connections to a computer and allow all outgoing connections. You can still allow specific ports to be opened to specific machines.
Using a public address on your internal network doesn't automatically mean that you need to just allow any traffic in. Use a firewall to "stealth" every port and there will continue to be no evidence that you have a computer there.
Re:NAT will never go away (Score:5, Insightful)
The idea that NAT will go away just because a network is IPv6 is a pipe dream. No sane security admin would ever allow that. The idea that the firewall is the only thing between you and the outside world is, and should be, a non starter.
IT security is all about multiple layers, and one of them is the fact that you have a DMZ between you and the internet, and that the internet can't route outside of it. That is not going anywhere.
Look, I don't want to be disrespectful to you as a person, but your understanding of network security is... limited. What the fuck does having a DMZ have to do with NAT? It's true that NAT is how the most common way to configure a segregated v4 network, but if you think that NAT is the only (or even the best) way to handle this, you're sorely mistaken.
This may strike you as heresy, but you can construct your network with public-facing addresses, a DMZ and a network of addresses inaccessible from the outside world (except under prescribed circumstances)... all using public IPv6 addresses. The secret is... wait for it... don't fucking route to them, except when you decide it's okay.
The simplest way to do this would be simply to refuse connections originating from outside your network for a designated subnet. Hey presto! All the benefits of NAT without the insanity of NAT!
My employer, a university with campuses in 12 countries, does this already with a public IPv4 block. Last I checked, it was working just fine, thank you very much.
P.S. Yes, we're IPv6-ready.
Re: (Score:3)
"The secret is... wait for it... don't fucking route to them, except when you decide it's okay."
Which is all very well and good, but that requires that everyday people learn how to configure routers to do that. Guess what? That ain't gonna happen. People want a plug-and-play solution, not one where they have to learn crap they don't care about when all they want to do is read email or browse the web.
Which, believe it or not, is all that a *VAST* majority of people do.
When people want more, they ca
Re:ISP (Score:5, Insightful)
The IPv6 internet model still only allows provider-independent addressing if you're a member of your regional NIC (with all the associated bits and pieces, like ASNs etc)
NAT is the only sane way to give your network provider independence under this system. If you're forced to renumber your network when changing ISPs, it's a real pain in the neck. Also - what if you want to do redundant internet connections? With IPv4 NAT you just set up the NATing firewall to have two connections with the same priority, enable stateful tracking, and away you go. That's flat out impossible with directly addressed IPv6 - every device would need two IP's (one for each provider subnet), and you'd need to manually configure each device to spit out some traffic with one source IP and other traffic with another source IP.
Additionally, NAT lets you do some useful stuff, like providing multiple services on multiple back-end machines via a single IP (which would of course correspond to a DNS record). For example, providing a "mail.example.com" address which provides POP3, IMAP, Webmail and SMTP submission service - POP3 and IMAP going to the mailstore machine, Webmail to a webserver and SMTP to an MX machine, without needing to configure slow port proxy services which lose valuable information (such as the source IP for connections)
As for IPv6 autoconfiguration, autoconfiguration doesn't deal with:
- Changing application settings dependent on IPv6 addresses
- Updating DNS records
- multiple internet providers/multiple subnets
- port remapping
making it an incomplete solution in itself.
Re: (Score:3, Insightful)
Yes, you can assign multiple IPs per machine. You can do that with IPv4 too. It's an administrative nightmare generally. This will get especially bad if you've got a network with some services accessed by ULA and others by global address on Provider A's range, and yet more by global address on Provider B's range.
Oh, and one thing I forgot ab
Skript Kiddi3z have other tools, unfortunately :-) (Score:3)
There are other ways to find the machines on your subnet besides scanning, though it is nice that scanning will become harder. If you've got a known brand of ethernet card, there are only 24 bits worth of possible MAC addresses, and what's 16 million scanning packets between friends? Multicast works by default, though your firewall might block it, and they can still do phishing to get you to go to their web page so they can get your address. (IPv6 address privacy mode is a Good Thing, though corporate ne
Re: (Score:3)
But is it a certainty that ISPs won't charge for using them?
Remember, this is a business that exists to generate profit. There's no harm in that, of course... But they also thrive on artificial scarcity whenever it can be created, in order to boost profits.
To a soulless near-monopoly for-profit entity, such games are like printing money.
And besides, I don't necessarily want people gathering data on the number of machines, and their habits, that I have on my own personal /64. Such information does seem ha
Re:ISP (Score:5, Interesting)
Re:ISP (Score:5, Interesting)
The amount of *new* networking kit and software that still doesn't support IPv6 is frankly depressing. Microsoft's Forefront TMG (Their ISA replacement), for example, requires Server 2008/2008 R2 (which have full IPv6 support out of the box) but doesn't actually support IPv6 routing itself and it's only ~1 year old.
Re: (Score:2)
Wait... if they are EOLed, how are they under support contracts?
Isn't that kind of like an anti-tautology?
Maybe I'm way off base here*, in which case please do enlighten me... but does EOLing mean that no support is offered?
*3rd-party support being the only exception I can think of.
Re:ISP (Score:4, Informative)
Re:ISP (Score:4, Insightful)
You're right. Unless you are a business that is offering internet based services, you can probably ignore IPv6.
"equivalent to the Y2K problem" (Score:2)
So really no big deal then?
Re: (Score:3)
Re: (Score:3)
No big deal if an equivalent amount of timely effort is put into it. In other words, It'll be what Y2K would have been had we done nothing.
Re: (Score:2)
No big deal if an equivalent amount of timely effort is put into it.
Nonsense. Plenty of companies did absolutely nothing to prepare for Y2K. Entire swaths of the third world budgeted $0 for Y2K. They had little or no problems when the time came.
Re: (Score:3)
A massive undertaking by programmers worldwide in order to prevent a catastrophic meltdown. Completed just in time in a way that's transparent to the rest of the world, making it seem like no big deal.
Yeah, actually it'll probably be quite a lot like Y2K in that sense.
Exactly, don't say the Y2K word (Score:4, Insightful)
I really wouldn't go into board rooms and mention Y2K. The general public seems to think that there was nothing there and it was just a big hoax. I'm sure all of you have encountered this recently too. A few times recently I had to correct people who said something like "That Y2K thing was no big deal". My answer to them was "It was no big deal because people worked for 5-10 years to fix it, otherwise it would have been a big deal". But you all know that.
But if you want to be dismissed as a panic monger, bring up Y2K, otherwise, don't.
Re:"equivalent to the Y2K problem" (Score:4, Insightful)
The nice part is, unlike Y2K, is that there's no hard drop-dead date by which all work has to be done and all of a sudden there's a bunch of folks laid off. IPv4 can be a looming threat for years to come! Huzzah!
IPv6 Mess (Score:4, Interesting)
Not so fast:
http://cr.yp.to/djbdns/ipv6mess.html
http://marc.info/?l=openbsd-misc&m=128822984018595&w=2
Re: (Score:2)
Yep, it's a mess. But migration is still critical. The fact its a mess just means that it's that much harder to do right. Maybe if people hadn't been putting their fingers in their ears and shouting "NAT NAT NAT!" for the past 5 years, it wouldn't be such a mess now.
Re: (Score:2, Interesting)
You don't get it - IPv6 itself is a misengineered piece of crap.
Re: (Score:2)
You don't get it - IPv6 itself is a misengineered piece of crap.
Well, that's a position I've never heard. The messiness of the transition is, well, yes a mess, but that does mean that more techies will make more money to fix it all up. It will get all fixed up one way or another, but it will cost a hell of a lot more.
Re:IPv6 Mess (Score:5, Insightful)
Not so fast:
http://cr.yp.to/djbdns/ipv6mess.html
I don't agree at all with this article. The author claims that IPv6 should have been designed as an extension to IPv4 so that IPv4 and IPv6 hosts can communicate with each other directly. This is fundamentally impossible. The IPv4 host can only send packets to IP addresses with 32 bit. Any longer number is not understood by the IPv4 host. In order to make this work, the IP stack of every IPv4 host would need to be updated. Guess what has to be done to have IPv4 and IPv6 dual stack? The IP stack of every IPv4 host needs to be updated!
Re:IPv6 Mess (Score:4, Informative)
Agreed in principle, however NAT64 enables *precisely* what djb complains about. An IPv6 only host can now meaningfully participate in an internet filled with v4-only servers.
Re: (Score:3)
Re: (Score:3)
You're talking apples and oranges. Most of your comment simply doesn't make sense.
In order for IPv4 to be compatible with IPv6, ALL IPv4 stacks would require updates and still have all of the IPv4 flaws and problems and limitations - like addressing. Or, with the same hassle, you can update to IPv6, get superior addressing, lots of additional benefits, AND backward compatibility via either dual stack (IPv4+IPv6) or technology such as NAT64 [wikipedia.org] and DNS64 [wikipedia.org].
So yes, as others have said, the migration is a mess, but
Re:IPv6 Mess (Score:4, Informative)
Re: (Score:3)
There is a trivial mapping between IPv4 and IPv6 addresses, very similar to the one you propose. Bernstein's attack is against a strawman version of IPv6 that doesn't contain this feature.
Re: (Score:3)
Re: (Score:3)
Reading DJB's screed just makes me sad for the man. He literally expects any IPv6 implementation plan to entail a "magic moment" where literally everyone starts using IPv6 end-to-end, simultaneously. This is the kind of "informed" stance I'd expect out of a libertarian claiming we can eliminate the income tax entirely, but not from an expert who should appreciate the absurdity of such an expectation.
Chairman of the bored (Score:3)
if IPv6 is "a board-level risk management concern", then I certainly can safely ignore it, and so can pretty well every Slashdot reader.
Take Back The unused? (Score:2)
Re:Take Back The unused? (Score:4, Insightful)
It'd barely make any difference as you need contiguous blocks and the rate at which we're using them means that even reclaiming whole /8 blocks only extends the life of IPv4 by a few months at best.
Re: (Score:2)
Sigh. Once again:
Why should Ford, Apple, HP, Halliburton, etc be forced to give up their legacy blocks when AT&T and Level 3 get to not only keep theirs but resell the address space?
boring ipv6 articles (Score:5, Insightful)
Do we really need to have 3 ipv6 article a week on slashdot. I believe every single slashdotter knows and understands what the problem is about. So I suggest the editors to skip all the articles about "how my god we need to move to ipv6 FAST",
Re:boring ipv6 articles (Score:5, Insightful)
Just wait until "ipv6 conversion specialists" are charging you $450 an hour to make sure your business is not floundering because you ignored the problem until it was an emergency.
Re:boring ipv6 articles (Score:5, Insightful)
"Just wait until "ipv6 conversion specialists" are charging you $450 an hour to make sure your business is not floundering because you ignored the problem until it was an emergency."
That doesn't argue for warning PHBs. It argues for becoming a Conversion Specialist!
Kludge coming to a network near you.... (Score:3)
VRF for an IPv4 Internet Part Two anyone??????
IPv6? Bah! (Score:2)
Behold the formation of the InterNAT!
but ignoring is working so well... (Score:5, Insightful)
I finally found the group responsible for IPv6 at my company, and asked about our readiness. now keep in mind, we don't need to wait for an upstream provider as we are the upstream provider, with many peering agreements in place.
The answer I got back basically amounted to two things:
1) nobody else is ready, so we don't need to be either.
2) it's not legally mandated, so it's not important.
I'm so glad we pride ourselves on our ability to innovate...
Re: (Score:2)
Re: (Score:3)
For competition in our area there is one other large company, their publicly stated IPv6 policies are actually worse than ours (which is quite the feat to be honest!) and a handful of small ISPs reselling our lines and using us as an upstream provider... they don't have much choice in the matter.
So about that "competitive advantage" you were talking about...
what's going to get annoying (Score:3)
is when desperate (or "innovating") ISPs decide to jack up the rates on static blocks. Companies that have a static /24 will see the rate to lease that block double overnight. Then if you're only REALLY using a few dozen of them, giving some of that back is going to look really attractive. Did I say double? how about x16? if you can live with 29 usable instead of 253 I bet that's an offer many can't refuse.
I've got a block of 8 myself (5 usable naturally) so I think I'm safe from the vultures for awhil
Qwest (Score:3)
Qwest has taken care of the IPv4 exhaust issue for our residential customers at the ISP level. We are implementing the capability to communicate with contacts at both IPv4 and IPv6 addresses. This transition will be transparent to Qwest residential and business customers.
I'm not sure if the transition can actually be transparent since at a minimum I'll have to do something with my TCP/IP so it knows that IP6 is there, and from the looks of it my Modem doesn't support it ether without maybe a firmware upgrade.
Re:Qwest (Score:5, Informative)
What they said translates to "We are putting you behind a carrier grade NAT, you will no longer have a public IP unless you pay us extra for it."
Simple solution (Score:3, Funny)
I can double the number of IPv4 addressable machines.
UDP and TCP ports 1-512 will now be one machine, and ports 513 and higher will be another machine.
Re: (Score:3)
IP has no concept of "ports". Aside from the fact that you didn't split the port space evenly, you clearly have no concept of how IP and networking works. And even if this is a serious suggestion, and could possibly be implemented, it would be at least as much (if not more) work than implementing IPv6 *anyway*.
Re: (Score:3, Funny)
Oh my god, did somebody just invent NAT?
Re: (Score:3)
Apparently an economist opinion about computer technology is just as good as an economist opinion on the economy.
Stop already, it's getting old. (Score:5, Insightful)
Yes we know.
Major ISP's are just now getting the ball rolling. Client software is still being perfected. The bridges for early adopters are known to be flakey. Talk to the people working on that stuff (oh, wait, you don't need to, they're already underway).
Most readers here will move along when the infrastructure is ready. We know the address space is effectively out but there's little reason to do much at this point, and anybody trying to push people to adopt IPv6 before the tools are robust is kidding themselves.
Also what is really needed (Score:3)
At least before home users can care, is a good 4 to 6 translation system. What I mean is let's say your ISP goes IPv6 and your cable modem gets just an IPv6 address. If you have a newer computer (Vista or newer, newer OS-X releases, etc) it'll just work. It can have its own public IPv6 address and everything is great.
However, what do you do about older stuff? I'm not just talking older computers, which possibly could be upgraded, but I'm talking older devices, which can't. My AV receiver is a networked devi
Re: (Score:3)
That's called NAT-PT and I've just had a huge flamewar about it on the last IPv6 article. Basically, all the v6 geeks here hate NAT and think nobody should be allowed to have such a thing. Hence, the RFC has been deprecated and nobody is even trying to implement it.
Welcome to the real world (Score:5, Insightful)
Re: (Score:3)
> How many isps or carriers now are giving ipv6 as an option?
Comcast, for one.
All aboard the next gravy train (Score:3)
Nothing helps drive a wedge between people and their money than a fear incessantly pounded into their brain like a rusty nail.
IPv6 caper should help pay off the mortgage. Then 2038 should set me up quite comfortably for retirement.
The big mistake was not making mobiles IPv6 (Score:5, Insightful)
The big mistake was not making mobile IP devices IPv6 from the beginning. Even if they had to go through a NAT at the telco. Most of the growth is in mobile devices.
Fortunately, most mobile devices respond to updates pushed from the carrier. So mobile carriers need to be encouraged to implement that transition. Carriers are in a good position for this, since they control both ends of the air link. Some of this must be happening already.
Here's how to do it. (Score:3, Funny)
Facebook, 4chan, digg, slashdot, reddit, and redtube make their sites accessible by ipv6 only (and not through v4 to v6 tunnels.) :)
They take a hit in traffic for a little while, two weeks later, every ISP is giving out ipv6 addresses and every ancient router and pc is upgraded.
Re: (Score:3)
Yup. And realistically, although its not something to be proud of, there's too much money for everyone in continuing to work with IPv4 addresses for years now to force anyone over the wall to IPv6 only.
Its probably going to come down from on high - want any new routable IPs? Your ISP will force you to be fully v6 compatible. Why? Because their upstream is doing the same to them...
In the next 6-24 months though, expect a remarkable amount of horse-trading of large IPv4 blocks.
You will NOT take away or cause artificial demand (Score:5, Funny)
Re: (Score:3)
If you completely ignore it, isn't it likely you'll continue on with no adverse effects? I thought VP4 would continue to work with no tweaking necessary, as long as you're not using broken equipment.
But we all buy and acquire equipment. Getting a wireless router for your home, maybe you should check the specs a bit more closely now. Buying a set top DVR? You might want to do the same. Trying to decide if your old computer needs an OS update? Some will never have IPv6 support.
For end users these are concerns that could bite them down the road. For corporations, these are the kind of acquisition failures that will cost millions down the road.
Re: (Score:2)
You already said that here [slashdot.org]
Re:IPv6 sucks (Score:5, Informative)
The former is a tad old and mostly fixed by NAT64.
On second:
they created a totally new problem by avoiding arp. the
benefit of their layer-2 discovery mechanism has been
absolutely zero; the best unit of measure for the cost of
that decision is "decades".
ICMPv6 neighbor solicitation at *worst* case 'degrades' to ARP-type behavior. In very well behaved layer 2 networks (almost none, admittedly) it greatly reduces load at large scale of system. I don't see why avoiding ARP costs 'decades'.
they created an entirely new and huge problem (destroying
SIOCGIFCONF backwards compat hurt IPV6 deployment in operating
systems on a massive scale) by not making their sockaddr be
a power of 2 in size.
I still haven't heard anyone explain why that is so catastrophically bad. It may be, but in practice, I haven't seen how this afflicts me.
Now I will complain that they changed some fundamentals around DHCP (DHCP at all being a near afterthought as they magically thought route advertisement, stateless addressing, and mDNS would be the cure for *EVERYTHING*). However, most of it is probably going to fall into place as soon as more practical deployments start (currently, most v6 trials that end in failure cause people to just walk away from now instead of trying to push fixes.
Re: (Score:2)
Re: (Score:3)
Everything has mistakes built in. But DJB's article (aside from being 9 years old) simply boils down to "but who will implement it if it's not widely implemented?" The whole point of implementing it is that it'll get more widely used. That OpenBSD mailing list message was marginally more interesting, but boiled down to "it messes up my struct!"
I don't understand all the IPv6 hatred. IPv4 is not tenable (which can't really be argued otherwise), and even somehow extending the current address space would break
Re: (Score:2)
What's wrong with comparing it to the Y2K bug? Oh, yeah, that's right, the Y2K bug was actually fixed in a timely fashion and the vast, vast majority of computers were ready for new years' day, 2000. Whereas IPv6 isn't comparable because people are listening and starting to implement change.
Also, there's no real 'hard-and-fast' deadline like there was with the Y2K bug - exhaustion of IPv4 address space won't cause the Internet to suddenly collapse - it will just begin to cause g
Re:Can someone explain IPv6 without NAT? (Score:4)
How are we supposed to roll out IPv6 without NAT? Can someone explain, and without RANTING about how NAT is unnecessary?
Think about it. Let's say I set up my company with link local addresses. IPv6 forbids NAT on routers and firewalls. So how are my hosts going to talk to the Internet? Specifically, if I have a link local address of fe80::/10. That's not going to be routable from the Internet. TCP is two-way traffic, so the servers need a return route to me. How is this accomplished with NAT?
NAT is necessary so the ISP can send traffic back to my summarized address. I don't understand how this works when they forbid NAT. Someone please kindly explain how that works.
Sorry to rant at you and not answer your question.
Have we stopped learning/teaching about routing, forwarding and firewalls because the magic NAT box does all of that for us? This is a sad state for the world of networking that such a question must be asked.. repeatedly... by people who should know better.
Re:Can someone explain IPv6 without NAT? (Score:5, Informative)
How are we supposed to roll out IPv6 without NAT? Can someone explain, and without RANTING about how NAT is unnecessary?
Ok, not a word about NAT.
Think about it.
I am thinking.
Let's say I set up my company with link local addresses.
You will not. Link local address is something every IPv6 interface has. You can use to communicate with other hosts on the same ethernet segment. You can not use it for communicating with the internet at large.
IPv6 forbids NAT on routers and firewalls.
It does no such thing. However nobody has bothered implementing NAT (sorry I said the word) on IPv6. I am sure someday somebody will but few will use it.
So how are my hosts going to talk to the Internet?
The minimum subnet size an ISP can assign to a customer is a /64 giving you 2^64 unique IP addresses you can distribute among your computers. In fact, your computers will pick up the prefix (the first 64 bit) from the router and then select the last 64 bit automatically. You will not have to do anything, it will just work.
Specifically, if I have a link local address of fe80::/10. That's not going to be routable from the Internet. TCP is two-way traffic, so the servers need a return route to me. How is this accomplished with NAT?
I assume you are asking how it is accomplished _without_ NAT. You are confused about link local addresses. Those are not generally something you will be using. Your computers will get the first half of the IP address from the router and it will make up the last half by using your MAC or by random. All your computers will have unique public IP addresses. Since your computer already has a public IP address there is no need to translate it to something different by NAT.
NAT is necessary so the ISP can send traffic back to my summarized address. I don't understand how this works when they forbid NAT. Someone please kindly explain how that works.
You are assuming you only have one address. In fact you will have a minimum of 2^64 addresses. The ISP only needs the first 64 bit of the address to route it back to you. The last 64 bit is handled internally on your network. If you insist, you could say the first 64 bit is your "summarized address".
Re: (Score:3)
Re: (Score:3)
If your biggest problem is a trivial matter of notation you must be pretty happy with it.