Some Telcos and ISPs are Frustrating IPv6 Adoption (guardian.ng) 135
An anonymous reader writes:
"There are indications that telecommunications operators and traditional ISPs in the country are frustrating adoption of Internet Protocol version six (IPv6) by other networks," reports Nigeria's Guardian newspaper, citing Nigeria CommunicationsWeek. The magazine found 32 networks with IPv6 addresses -- but only three which are using them. And the newspaper cites "a network engineer with a university who does not want to be named" frustrated that their ISP's network isn't IPv6-compatible, so the university can't use its own IPv6 address. "Mohammed Rudman, chairman, IPv6 Council Nigeria, said that most telecommunications operators and internet service providers in the country have not adopted IPv6 which raises the issue of compatibility with other networks."
Firefox has a fast-fallback-to-IPv4 option, which you can disable in about:config (as well as an option to disable IPv6 altogether). But "the Chrome browser supports IPv6 natively and doesn't allow users to decide which protocol to use," reports TechGlimpse.com.
How does your browser perform? Long-time Slashdot reader ourlovecanlastforeve shared a link to Test-IPv6.com, which detects whether "when given the choice, your browser decided it would prefer to use IPv4 instead of IPv6."
Firefox has a fast-fallback-to-IPv4 option, which you can disable in about:config (as well as an option to disable IPv6 altogether). But "the Chrome browser supports IPv6 natively and doesn't allow users to decide which protocol to use," reports TechGlimpse.com.
How does your browser perform? Long-time Slashdot reader ourlovecanlastforeve shared a link to Test-IPv6.com, which detects whether "when given the choice, your browser decided it would prefer to use IPv4 instead of IPv6."
Isn't this good? (Score:2)
Re:Isn't this good? (Score:5, Interesting)
See RFC4941. You can set up your devices (or device) so that they keep changing their IPv6 addresses, concealing both which is doing what and how many devices you have.
Re: (Score:2)
All that means is I can add an arbitrary number of phantom devices. I want to emulate only having one device.
Re: (Score:1)
Properly implemented they have no way of telling if its a bunch of real devices, a bunch of phantom devices, or a single device. Everyones network looks the same, constantly changing suffices
Re: (Score:2)
There's nothing to stop you doing that as well if you really want to - although you might want to stop and ask yourself why you want that. Is it for any other reason than, "I want things to be the same as they were before"?
Re: Isn't this good? (Score:4, Insightful)
For the same reason that one uses dynamic addresses currently in IPv4: to prevent any attack vectors from pinpointing a device's IP address and then using that to break into the system. In fact, 'security extensions' (which is IPv6's term for dynamic addresses) is the default Microsoft way of assigning addresses to any device: they don't use EUI-64
Re: (Score:2)
Your ISP probably assigned a /64 to your home - so you can always keep rotating IPv6 addresses on your computer(s) if you feel the need to confuse your enemies. But they’ll still be able to see what sort of requests flow to and from your cable modem (or whatever)... just like they could with IPv4.
Static or dynamic; that's the question. (Score:2)
> Your ISP probably assigned a /64 to your home - so you can always keep rotating
> IPv6 addresses on your computer(s) if you feel the need to confuse your enemies.
That does *NOT* necessarily help anonymization. A static /64 (or /56) is still a CIDR. You can dick around with the MAC ID ("privacy extensions") and jump around in your CIDR all you want. But once someone identifies a static /64 or /56 with you, you're marked permanently. The big privacy battle with IPV6 will be for dynamic /64 or /56 alloc
Re: (Score:2)
My point is: this issue is nothing new... it's the same thing we already have with IPv4. You only get one address from your cable company, and (at least with Comcast) it doesn't seem to change much, if at all. In practice, the only time my cable modem's external IPv4 address ever changed was after extended power failures.
Re:Static or dynamic; that's the question. (Score:5, Insightful)
They are crippling IPv6 for one reason and one reason only. They have an existing investment in IPv4 addresses that they rent for profit or can sell, IPv6 simply reduces IPv4 addresses from being worth hundreds of millions of dollars to sweet fuck all. The longer they can keep out IPv6 the more money they can make out of IPv4. Straight up greed.
Re: (Score:1)
No, they're just lazy and cheap. It costs a lot to ensure all of the devices and software involved work properly with IPv6. Telcos are full of legacy gear and apps.
Re: (Score:2)
They are crippling IPv6 for one reason and one reason only. They have an existing investment in IPv4 addresses that they rent for profit or can sell,
No, they're just lazy and cheap. It costs a lot to ensure all of the devices and software involved work properly with IPv6. Telcos are full of legacy gear and apps.
AT&T went out of their way to block IPv6 tunnels before they started charging for IPv6 "upgrades". One of the justifications they gave was that otherwise their customers could get static IPs without paying.
Re: (Score:2)
> Your ISP probably assigned a /64 to your home - so you can always keep rotating
> IPv6 addresses on your computer(s) if you feel the need to confuse your enemies.
That does *NOT* necessarily help anonymization. A static /64 (or /56) is still a CIDR. You can dick around with the MAC ID ("privacy extensions") and jump around in your CIDR all you want. But once someone identifies a static /64 or /56 with you, you're marked permanently. The big privacy battle with IPV6 will be for dynamic /64 or /56 allocation versus static allocation.
That may be true, but it's only useful if one wants to block your devices from accessing their sites. However, if one wants to attack any of your devices, the /64 ain't enough: one needs the entire /128 address. If they were to try a brute force method of attack, they'd either take forever to exhaust all 2^64 addresses, or they'd need some algorithm to randomly pick addresses and hope that they match
NAT (IPv4 Address sharing) is not security. (Score:4, Insightful)
NAT does not provide any real network security, it actually prevents many security measures.
Consumer grade firewalls (most of them) built into the modems they get from their ISP -- are often almost useless when it comes to providing real security. Many of them don't even bother to force the administrator to have anything more than the default password.
By your argument -- you would be even happier if your ISP shares your IP address across many households (double NAT'd) -- which mine does.
Re: (Score:2)
I said obfuscation, not security. It seems better, from my point of view, not to have any security tied to IP address at all.
And yes, it seems better if my ISP shares my IP address across many households. Why would it harm me in the slightest?
Re: (Score:2)
I'd imagine that from an ISP's POV, it's more useful to assign one subnet to a single household, and keep it simple. If the guy who's bought the service is a techie, and is running, say, a server of some type at home, it lets him manage the whole thing. If you split it b/w households, that would no longer be feasible, w/o him having to contact every other family on the subnet
Part of this I blame on the design decision to make every subnet 2^64 instead of 2^32. I mean, which subnet needs to have even 4
Re: (Score:3)
Stateful Firewalls Provide Security (Not NAT) NAT does not provide any real network security, it actually prevents many security measures. Consumer grade firewalls (most of them) built into the modems they get from their ISP -- are often almost useless when it comes to providing real security. Many of them don't even bother to force the administrator to have anything more than the default password. By your argument -- you would be even happier if your ISP shares your IP address across many households (double NAT'd) -- which mine does.
That's tangential to the argument the GP appeared to be making
The GP was expressing concern about a telco, or anyone else, being able to know how many devices you're hooking up to the internet using your service. In other words, if you are paying Comcast $50 a month for a service, it's none of their business how many devices are hooked on to it. Under IPv4, it's somewhat trivial for them to find out. Under IPv6, if security extensions are being used, it no longer is.
Same thing about who's watching wh
Re: (Score:2)
And even the cheapest consumer routers (or modems) have stateful firewalls built into them these days, Linux core and free firewalls and all.
NAT without a firewall is a network without a firewall. Any security benefit is an accident, not by good design.
Re: (Score:2)
You need state tracking for NAT, not a stateful firewall. Yes, it just so happens that state tracking is also necessary for stateful firewalls, so it's quite common to find firewalling and NAT functionality combined into the same piece of software, but they're separate things. You can do NAT without having a firewall just fine.
...and if you do, then you'll find that anybody that can send packets to your router with the dest address set to the IP of a machine on your LAN will be able to connect to that machi
Re: NAT (IPv4 Address sharing) is not security. (Score:2)
Re: (Score:2)
My point was merely that it is still possible to commit this particular fuckup even if you're using NAT. (In fact the NAT probably makes it more likely you'll do it, because it may lull you into a false sense of security,)
Re: (Score:2)
No, security involves blocking/dropping hostile packets from a target node. It's the firewall part of the NAT that does that. If the NAT in question does not drop packets, but simply reroutes addresses, then it's not a security feature.
And how does a load balancer - something that divvies up the services being used - even begin to serve as a security device, w/o a firewall being involved?
Re: (Score:1)
Trying to scan a v6 /64 subnet (what a consumer gets 98% of the time) is like trying to find a single machine in the entire public v4 internet.
Re: (Score:2)
It would be a billion times more, not as much. The entire IPv4 network is something like 3.2 billion addresses. An IPv6 subnet would be 2^64 addresses. It would take forever to scan one IPv6 subnet, compared to the entire IPv4 internet
Re:Isn't this good? (Score:4, Interesting)
Yes and No. With a proper firewall, no one can scan your network for devices as it should only allow incoming traffic through that is a reply to outgoing traffic. But, sites you visit from IPV6 devices would show their full IPV6 unique ID on your network -- so say... Facebook or Netflix might know exactly how many devices you have at your home that you use to connect to their services.... BUT, they really know this anyway because they scan for device IDs, browser fingerprinting, etc.
NAT is a hack and not a security feature. It has its own security issues as well.
https://www.internetsociety.or... [internetsociety.org]
IPV6 is only bad if you have no proper hardware firewall between your ISP and your network... or if your ISP is spying on your traffic (in which case, you have bigger issues and need a VPN)
Re: (Score:2)
Note that most stuff ships with privacy addresses enabled, so your "IPV6 unique ID" used for outbound connections will change to a new, completely random ID every time you restart a device, reconnect one to the network, or in any case after 24 hours, which should limit its usefulness for tracking.
Of course, as you say, everybody is already tracking you via cookies and fingerprinting anyway.
Re: (Score:2)
YOu mean all things my devices all self-report. Yeah, I get that. It's modestly annoying to solve, but not difficult. Hint, all my devices report what I tell them to.
By the by, I read your article. It argues, e.g. that geolocation will be aided by IPv6. Sign me up to stay on IP4! Yes, I get that it's not a security feature, but it's definitely an obfuscation feature.
It makes NAT overload option rather than mandatory (Score:3)
> anonymization about which device beyond the firewall is using a service.
You're not really hiding anything. Between user agent strings, cookies, etc., the trackers know one device from another. In fact since most web access is from mobile devices these days, and mobiles get new IPs all the time, IPs aren't used much for tracking anymore anyway.
Because IPv4 lacks enough addresses, you're pretty much forced to use only one IP for all of your devices. That's a hack and while it works well enough most of
Re: (Score:2)
This. Exactly.
Also, with IPv6's extension header system, you can theoretically even route right through a NAT, completely neutralizing its most significant disadvantage, as long as the NAT in the middle recognizes and handles the extension, and the session layer on the remote machine that may need to be able to route a raw IP packet to an otherwise undetectable IP address knows to add the extension to the appropriate outgoing packets.
Re: (Score:2)
If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
IPv6 seems dedicated to preventing me from hiding. Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
9,007,199,254,740,991 is greater than 1 (Score:3)
> Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
Yes they will be chosen from a range of 9,007,199,254,740,991 addresses or so. Some ISPs will assign you 32 times that many addresses, some a bit fewer, but roughly 9 quadrillion addresses. Compared to your ONE IPv4 address. As someone who has developed security systems which use IP addresses as one indicator of whether it's the same person, I'l
Re: (Score:2)
Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
Just like when you were on IPv4, all your devices were behind one IPv4 address, providing precisely the same facility.
IPv6 seems dedicated to preventing me from hiding.
You've yet to provide a single example supporting this contention.
Re: (Score:2)
If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
And TLS session caching, DNS fingerprinting and port range mapping (CGN).
IPv6 seems dedicated to preventing me from hiding.
IPv6 really does make it easier to track individual systems on a network of more than one user. Even with privacy addresses short term correlation is probably still useful.
Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
IPv6 customers are generally assigned subnets rather than single IP addresses. Whether you get a single IPv4 address or a single IPv6 prefix your "network" can just as easily be tracked in either case.
Options here are same for both IPv4/IPv6 use a VPN/tunnel/proxy/
Re: (Score:2)
If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
IPv6 seems dedicated to preventing me from hiding. Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
If somebody outside knows your /64 and they run a website, they can use their knowledge of your /64 to block you from getting into their site. But if they want to attack any of your devices, they need to know your entire /128 address, not just your subnet address, and that's where your device hopping b/w the addresses in your range helps.
Re: (Score:2)
But cookies would have to use something like your MAC addresses, or some other physical (read layer 2) info in order to have a count of your devices. In layer 3 - the IP layer - IPv4 can be used to track how many devices you are using, but IPv6 can't, due to the security extensions. So IPv4 vs IPv6 is no longer an argument if a foreign host, like Facebook or Twitter, is using something outside layer 3 to track everything about you
Or a random number (Score:2)
Mac addresses aren't needed, a random number does just fine. The whole idea of cookies, the definition of a cookie, is that the device returns back the same value that was previously set. So the server sets a cookie called device=7573+4758585 and next time the browser sends back that number.
Obviously the cookie is only one of many parameters used. Cookies might be "blocked" (which often just means they are cleared when you shut down your browser, session cookies typically aren't blocked). To "track" a u
Re: (Score:2)
Re: (Score:2)
Doesn't IPv6 hide the anonymization about which device beyond the firewall is using a service. Do I really want people outside my home to know how many devices I have, or which is viewing what?
Absolutely! Since the subnet size is fixed - 2^64, it's impossible for any service to know how many devices there are behind the firewall. Particularly if they are set up with security extensions, which is to have the interface IDs keep changing periodically so that not only can't a device's ID be nailed, but it would also be impossible to find out at the layer 3 level how many devices one has, or who's viewing what
Hard to support (Score:3)
Not every level 1 helpdesk jockey in India making $5/hr can do IPv6 subnetting in their heads to fix connectivity problems
Re: (Score:2)
You are right, but v6 subnetting is a lot easier than v4 subnetting because of the way that hex lines up with binary more easily than decimal does, so this seems more like an argument in favor of v6 rather than against it.
Re:Hard to support (Score:4, Funny)
To be fair, most of the tier 1 people can't do anything that's not in the flip book. That is, they can guide you to reboot the router. They can giude you to reboot Windows. If you tell them you have Linux they'll tell you that Windows Linux reboots the same way as other Microsoft operating systems.
So no real difference there.
Tell them they have a routing failure in your network and they'll transfer you to premium Windows support to explain to you how to set up your email.
Re: (Score:1)
What subnetting? Nearly everything in v6 is a /64.
Re: (Score:2)
The latest Microsoft MCSA/E exams have lots of /96 vlan questions
subnet sizes (Score:2)
Re: (Score:2)
Nobody can remember all those hex digits.
You control at least the last 64-bits. This doesn't have to be unworkable if you don't want it to be. Add in zero compression, representations as hex and factor in ability to get creative with your 64-bits.
I found it somewhat more difficult to remember prefix but not significantly more.
Easier to derive hostnames from rest of the bits available to you if you use a consistent/creative numbering scheme.
For those who work at large shops/ISPs it's likely even easier because you likely control the last 96-bits.
Re: (Score:2)
Extreme example of IPv6 not being difficult to remember is Sprints website... 2600 Hz... http://2600/ [2600]
Why does ./ have to butcher everything? http : // [2600::]
Re: Disabled ipv6... (Score:2)
Re: (Score:1)
Why? The problem is not in America but in Nigeria. America is the #2 country in IPv6 adoption, [akamai.com] just behind Belgium, so we're not exactly lagging behind the world. Or, are you suggesting that Americans need to pay more to help out Nigerian 419 scammer princes?
Re: (Score:2)
Government is way overkill for this.
Want to improve AAAA adoption? Easy. Google gives you a ~5% PageRank boost for working dual-stack on your server. Like they already do for SSL, ARIA accessibility, and mobile-friendliness.
Nothing would move the IPv6 needle faster.
Re: (Score:2)
That may work on the server side of things, but most end users don't have ipv6 connectivity...
What's needed is for the likes of google and facebook etc to start offering desirable features to ipv6 users first, perhaps as a form of beta... If hundreds of customers start calling isps demanding ipv6, or switching to other providers that already offer it then adoption will increase pretty quickly.
For now it's only a few of us asking for ipv6, so we get ignored by the major isps.
Re: (Score:2)
The US government should facilitate the move from IPv4 to IPv6 by starting to tax or apply a fee for each IPv4 (with no IPv6 address) address in usage -- and increase that fee each year until it encourages the movement off of IPv4.
That is among the dumber things I've read today, but granted I haven't spent that much time on-line today.
The tax code shouldn't be used as a cudgel to control behavior, it is a tool designed to fund the operation of the [Federal|State|Local] government. To what purpose would the proceeds of this tax be applied? Buying IPv6-complaint routers for public K-12 schools? Subsidize Internet connections for low-income/inner-city residents? What?
C'mon Editors (Score:5, Informative)
Re: (Score:2, Insightful)
Agreed, too many/most Slashdot readers simply read the headline and then try and blame some combination of the following:
a) Ajit Pai
b) Donald Trump
c) Republicans
d) Comcast, Verizon, etc
e) Windows/Microsoft
IPv6 is my preferred protocol now (Score:5, Interesting)
I know it is cool here to hate on Comcast but my cable modem service supports it so easily now that I don't see any barrier's to adoption.
I used to use one of my Apple Time Capsules (so shoot me) for my router but when I needed better VPN service I got a $35 Mikrotik and made that the gateway router and the Time Capsules are now bridge-mode Wifi access points behind that.
Fast forward a couple of years and I hear about Comcast has IPv6. I found out that my Mikrotik needed an upgrade for IPv6 support but that was surprisingly painless. Once you have that and turn it on the router gets your IPv6 address assignment from the upstream DHCPv6 server Comcast runs. That gives you a 64-bit "address pool" (which is what Mikrotik calls it) and without doing anything else all your household devices get an IPv6 address according their own capabilities.
Comcast did it right, but you still need the right router software on your end. The Time Capsules didn't cut it but the Mikrotik router did. I can't speak for other products because the router worked and there was no need to try anything else.
Windows no problem. MacOS no problem. Smart phones, TV, cams and all the other junk no problem.
The only reason you need IPv4 at all is because there are still a LOT of servers and services out there that can't be reached by IPv6. But I have had no issue with Safari, Chrome, or Firefox or any other networking application.
The payoff for me is that I run a fair number of VMs out in the cloud. My co-location host is reasonably OK with giving me IPv4 addresses when I need them but now I don't even bother assigning an IPv4 address to a system unless it is for public access. IPv6 straight from my system at home to the VM out there.
Fringe benefit: The public IPv6 addresses, at least those that don't have well-known AAAA DNS records, don't get constantly assailed by bots with dictionary attacks.
Gripe: XenCenter doesn't support IPv6 for management. And it is a mess to try and install a mitigating tool like fail2ban in the XenServer hypervisor. What a pain.
That's my take anyway.
Re: (Score:3)
Yep, Comcast did it right:
Between me and Comcast, we're predominantly doing ipv6:
Your IPv4 address on the public Internet appears to be 73.187.x.y
Your IPv6 address on the public Internet appears to be 2601:982:8202:e17x:y:z:z
Your Internet Service Provider (ISP) appears to be Comcast Cable Communications, LLC
Since you have IPv6, we are including a tab that shows how well you can reach other IPv6 sites. [more info]
HTTPS support is now available on this site. [more info]
Your DNS se
Re: (Score:2)
Two days ago I got my wife's store provisioned with a Comcast business internet (there was no other provider) with 5 static addresses. They provided an envelope with the static address range hand written on it for *only for IPv4*. They also got the addresses wrong and the they had not set the routes up, so nothing can route to those addresses anyway.
The installer who came said a couple of things that were obviously untrue about the address range available on the router's switch and then admitted to not unde
Re:IPv6 is my preferred protocol now (Score:4, Insightful)
>Comcast did it right
Bullshit. They can't even set up a static address range.
Don't confuse architectural design and their overall design with everyday low-level ineptness. Haven't you seen the ads for Comcast techs: "...no experience necessary?" You said it yourself, "...the installer who came" not "the network engineer who came....."
Don't confuse the two.
just need a truck and tools to be an 1099'er for c (Score:2)
just need a truck and tools to be an 1099'er for comcast in the past they did even do background or DMV checks.
Re: (Score:2)
Well, I'm not convinced they're doing anything right.
They used to have v6 provisioned on my business router. It's gone now. No idea why, I didn't tell them to do that.
Even when it was, they didn't seem to have v6 addresses provisioned as static for my business account. I need to call and yell at them, but that's such a pain in the ass.
Note that it's a business account, not a residential account. I needed v4 statics, still do. IPv6 is less critical for me right now, but it would be nice if it worked.
Re: (Score:2)
>Running servers from your residential internet connection
It's a business account. They don't sell static on residential accounts.
> - that certainly is not what its intended for.
Says who? It's my business what my packets do.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
We have all manner of confusion which arises from the multiple layers of NAT, which makes it painful to remember which internal addresses are mapped to which external addresses and ports.
With ipv6, everything would be much simpler. The DNS record points to the ip, and that ip identifies a single host.
Re: (Score:2)
The least common denominator (Score:2)
has applications beyond elementary school math.
Next story.
Why are there so few ipv4 addresses? (Score:1)
Re: (Score:1)
A bit of both. First, back when the Internet Protocol was created, there weren't 4 billion people on Earth let alone 4 billion devices that needed to be connected to a network. Secondly, handling and transmitting 128-bit identifiers would have been a bit much for the computers and networks of that era.
So, as I said, very few (if any) people thought the internet would get as big as it is and systems 30 to 40 years ago wouldn't have been able to handle IPv6 the way systems now can.
Re: (Score:2)
Re: (Score:2)
Products within a company. Everything gets a ip so it can be scanned and more product arrives just in time.
Re: (Score:2)
The internet does.
Actually, 64 bits might be enough for the internet, especially if you were willing to put up with some degree of increased costs and admin headache (and oh boy are we willing to do that), but "might" isn't good enough. If you're going to do an incredibly difficult protocol switchover to increase the address size, you really want to get it big enough the first time.
"Whoops. Tehee. It's still not big enough. We need to make it bigger again." is just not going to cut it.
Re: (Score:3)
First, back when the Internet Protocol was created, there weren't 4 billion people on Earth let alone 4 billion devices that needed to be connected to a network.
It was pretty close. World population was estimated to cross 4 billion in April 1974, while the paper describing IP was published in May 1974. Vint Cerf has apologized [networkworld.com] for choosing 32 bits, saying "The problem is the experiment never ended".
Re: (Score:3)
A bit of both. First, back when the Internet Protocol was created, there weren't 4 billion people on Earth let alone 4 billion devices that needed to be connected to a network. Secondly, handling and transmitting 128-bit identifiers would have been a bit much for the computers and networks of that era.
So, as I said, very few (if any) people thought the internet would get as big as it is and systems 30 to 40 years ago wouldn't have been able to handle IPv6 the way systems now can.
Actually, when the Internet Protocol was first created, it was only created for the US Department of Defense and their clients: there was never any intention for this to be used by the entire civilian population of the US, let alone the world. Once it became clear that it was catching on, the IPv6 (then IPng) started.
Also, at the time IPv4 came about, most computers were 8 or 16 bit, much less 32, so having a 128 bit address would have really slowed things down
What's the benefits of v6? (Score:3)
I just checked that test URL. 10/10. Nice xmas surprise. I run a couple of popular websites (Amazon EC2's running Ubuntu) so I could add IPv6 easily. But why?
What's the upside to IPv6 for a website? Better Google page ranking? Security? Faster page load? Others?
It's been years since I've worked on IPv6, I was one of the small team who wrote the IPv6 stack for Cisco's high end routers.
So I know the protocol - sort of. It was still in flux back then (15 years ago) with the IETF.
Can someone bring me up to date? As a website master, why do I need it?
Re: (Score:3)
Facebook have done measurements that show v6 as giving ~10-15% faster page loads [facebook.com] compared to v4. On some specific ISPs the difference will be even higher (for instance T-Mobile in the US backhaul all of their v4 traffic across the country to the datacenters that host their NAT64 infrastructure, while routing v6 more directly).
Re: (Score:2)
I just checked that test URL. 10/10. Nice xmas surprise. I run a couple of popular websites (Amazon EC2's running Ubuntu) so I could add IPv6 easily. But why?
What's the upside to IPv6 for a website? Better Google page ranking? Security? Faster page load? Others?
The tangible benefit I know of for websites ATM is faster page loads for those stuck behind IPv4 CGNs.
Re: (Score:2)
apps should PREFER IPv6 (Score:2)
If IPv6 is not available, so be it. BUT, by moving Chrome, Firefox, etc to 6, it will only hasten the move.
Re: (Score:2)
They do. If you take a dual-stack network and measure the traffic on it, you'll find that about half of it by volume already goes via v6.
Technically the priority is usually set by the OS/system resolver library, which sorts DNS results by an algorithm that is roughly "v6 first if you have a public v6 address, otherwise v4 first". Some software does override the ordering, and other software (like Firefox) has ADHD and will try to connect over v4 if the first connection attempt hasn't finished within 300ms, b
Lord a-mercy! (Score:2)
How will the Nigerian economy keep up with the western world without a timely shift to IPv6! /sarcasm
Seriously, it's Nigeria...
Nigeria (Score:2)
"There are indications that telecommunications operators and traditional ISPs in the country are frustrating adoption of Internet Protocol version six (IPv6) by other networks," reports Nigeria's Guardian newspaper, citing Nigeria CommunicationsWeek. The magazine found 32 networks with IPv6 addresses -- but only three which are using them. And the newspaper cites "a network engineer with a university who does not want to be named" frustrated that their ISP's network isn't IPv6-compatible, so the university can't use its own IPv6 address. "Mohammed Rudman, chairman, IPv6 Council Nigeria, said that most telecommunications
I've considered it (Score:2)
Test for IPv6 Is Wrong, Problems with IPv6 (Score:2)
I tried the test at http://test-ipv6.com/ [test-ipv6.com] cited in the article. It said "Connections to IPv6-only sites are timing out. Any web site that is IPv6 only, will appear to be down to you."
According to the test site Down For Everyone Or Just Me at http://downforeveryoneorjustme... [downforeve...justme.com], the IPv6 test URI http://ipv6.vm1.test-ipv6.com/... [test-ipv6.com] -- timed out for me -- is down for everyone. The IPv6 test URI http://2001470118119/ip/?callb... [2001470118119] gives the result "Huh? [2001:470:1:18::119] doesn't look like a site on the interwho
Re: (Score:2)
I wouldn't put too much trust in DFEOJM.com; it even claims that Google [downforeve...justme.com] is down. Meanwhile, I have no trouble connecting to ipv6.vm1.test-ipv6.com:
Connecting to ipv6.vm1.test-ipv6.com (ipv6.vm1.test-ipv6.com)|2001:470:1:18::119|:80... connected.
You might be single-homed behind Cogent, who have an issue with reaching HE (specifically, the issue is that they just can't stop being assholes). If so then you should probably talk to your ISP and get them to get an extra upstream.
It's twice as much work; so,... (Score:2)
It takes twice as much work to configure IPv6 (assuming you need to keep supporting IPv4). It's no big deal if you are just configuring a few switches, but if you talk about the number of routers a large ISP has, it becomes a lot of work. So, until they get close to running out of IPv4 addresses to assign to customers, don't hold your breath.
Re: (Score:2)
if you talk about the number of routers a large ISP has, it becomes a lot of work.
Configuring large numbers of routers isn't an unsolved problem, [safaribooksonline.com] even if you roll your own automation.
A large ISP is insane if they dodn't use automation to configure their hardware -- it guarantees consistency across the network, which reduces their overhead.
At that point, adding a "new" router is no different from updating the configuration on an existing router.
Re: (Score:2)
That will work if every switch and router is the same and is running the same OS version (as was pointed out in the article you referenced). That's not likely to be true in a really large network.
Also, it's been my experience that script based solutions (especially ones that exercise a user interface) are fragile and require a lot of tinkering. And it's still going to be twice as much work (assuming that adding more configuration steps to the script only increases the probability of failure linearly, whic
Re: (Score:1)
how to make a terrrorist time bomb
Stay with IPv4 and don't upgrade the world's networks to IPv6.
Re: (Score:3)
Please, turn off smart punctuation - http://lmgtfy.com/?q=disable+s... [lmgtfy.com]
Re: (Score:2)
Please take a moment and disable smart punctuation - http://lmgtfy.com/?q=disable+s... [lmgtfy.com]
Re: (Score:2)
Please turn off "Smart Punctuation" on your iPhone. Google it. It's Slashdot, I shouldn't have to spoon-feed you a URL, should I?
Oh wait, I forgot, I DO need to spoon-feed you a URL - well, here you go: http://lmgtfy.com/?q=disable+smart+punctuation+ios [lmgtfy.com]
Re: (Score:2)
Itâ(TM)s a problem everywhere.
You're posting this on a site that can't deal with either smart quotes or IPv6. Any plans, Slashdot?
Based on Googleâ(TM)s stats, less than a quarter of google users are IPv6. https://www.google.com/intl/en... [google.com]
That's a pretty good upward trend.
Re: (Score:2)
NIGERIA, not America, but hey, cool you were able to work Trump AND Linux into your contribution, we all got just a little bit dumber after reading your comment.
Re: (Score:2)
That wasn't a mistake, it was a necessity. v4 only has space for 32 bits in its src/dest address header fields, and v6 addresses are longer than that, so you can't fit them in. It's v4 that's incompatible with v6, not the other way around.
That said, you can accept both v4 and v6 connections on a single v6 socket, so I'm not entirely sure what you're on about for that. On Linux the behavior is controlled by net.ipv6.bindv6only or a socket option, with the default being to permit v4 connections to v6 sockets.
Re: (Score:2)
The biggest mistake the IPv6 inventors made was making it incompatible with IPv4 by creating a completely different address space.
This ship sailed when IPv4 was placed into production. By time IPv6 came around it was already too late. You can't unfix a fixed address space without forklift change no matter what.
You would think the people behind standards like this are brains trust IQ 200. In truth they are often arrogant and short sighted and refuse to accept criticism.
Only arrogance here is in failure to understand the problem space and basic precepts of reality (e.g. pigeonhole principal)
This required stupidity like having applications which want to support IPv4 and IPv6 open two different ports for incoming connections. Dumb. Dumb. Dumb.
Most operating systems offer dualstack socket options to avoid this.
There is simply no grand conspiracy or obvious path unexplored because everyone but you must be stupid to see it.
Look at what all of the
Re:IPv6 sucks ass (Score:4, Informative)
The biggest mistake the IPv6 inventors made was making it incompatible with IPv4 by creating a completely different address space.
They didn't - the IPv4 address space is embedded within the (vastly larger) IPv6 address space. The IPv4 address 1.2.3.4 is ::ffff:1.2.3.4. Any IPv6-only application can thus reference any IPv4 address (although some residual NAT is obviously needed to allow the IPv4 server to reply).
Re: (Score:2)
IPv4 compatibility w/ IPv6 ain't the same as, say, Windows 10 compatibility w/ Windows 7, or i7 compatibility w/ i3. Think of v4 as being a surface street or a 2 lane highway, and v6 being an 8 lane freeway.
Re: (Score:2)
tell me about it. I've been bitching on the forums about this for years now. they even promised it would be with us this year but so far, no dice. Ideally I'd like more than a /64 too...
and I use modem mode and my own pfsense router, so I'm not beholden to their kit either...