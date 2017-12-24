Some Telcos and ISPs are Frustrating IPv6 Adoption (guardian.ng) 67
An anonymous reader writes: "There are indications that telecommunications operators and traditional ISPs in the country are frustrating adoption of Internet Protocol version six (IPv6) by other networks," reports Nigeria's Guardian newspaper, citing Nigeria CommunicationsWeek. The magazine found 32 networks with IPv6 addresses -- but only three which are using them. And the newspaper cites "a network engineer with a university who does not want to be named" frustrated that their ISP's network isn't IPv6-compatible, so the university can't use its own IPv6 address. "Mohammed Rudman, chairman, IPv6 Council Nigeria, said that most telecommunications operators and internet service providers in the country have not adopted IPv6 which raises the issue of compatibility with other networks."
Firefox has a fast-fallback-to-IPv4 option, which you can disable in about:config (as well as an option to disable IPv6 altogether). But "the Chrome browser supports IPv6 natively and doesn't allow users to decide which protocol to use," reports TechGlimpse.com.
How does your browser perform? Long-time Slashdot reader ourlovecanlastforeve shared a link to Test-IPv6.com, which detects whether "when given the choice, your browser decided it would prefer to use IPv4 instead of IPv6."
Re:Isn't this good?
See RFC4941. You can set up your devices (or device) so that they keep changing their IPv6 addresses, concealing both which is doing what and how many devices you have.
Your ISP probably assigned a
/64 to your home - so you can always keep rotating IPv6 addresses on your computer(s) if you feel the need to confuse your enemies. But they’ll still be able to see what sort of requests flow to and from your cable modem (or whatever)... just like they could with IPv4.
> Your ISP probably assigned a
/64 to your home - so you can always keep rotating
> IPv6 addresses on your computer(s) if you feel the need to confuse your enemies.
That does *NOT* necessarily help anonymization. A static
/64 (or /56) is still a CIDR. You can dick around with the MAC ID ("privacy extensions") and jump around in your CIDR all you want. But once someone identifies a static /64 or /56 with you, you're marked permanently. The big privacy battle with IPV6 will be for dynamic /64 or /56 alloc
My point is: this issue is nothing new... it's the same thing we already have with IPv4. You only get one address from your cable company, and (at least with Comcast) it doesn't seem to change much, if at all. In practice, the only time my cable modem's external IPv4 address ever changed was after extended power failures.
They are crippling IPv6 for one reason and one reason only. They have an existing investment in IPv4 addresses that they rent for profit or can sell, IPv6 simply reduces IPv4 addresses from being worth hundreds of millions of dollars to sweet fuck all. The longer they can keep out IPv6 the more money they can make out of IPv4. Straight up greed.
NAT (IPv4 Address sharing) is not security.
NAT does not provide any real network security, it actually prevents many security measures.
Consumer grade firewalls (most of them) built into the modems they get from their ISP -- are often almost useless when it comes to providing real security. Many of them don't even bother to force the administrator to have anything more than the default password.
By your argument -- you would be even happier if your ISP shares your IP address across many households
Ok dumbfuck, NAT is Network Address Translation. It can be 1 to many, or 1 to 1. It can be ipv4, or ipv6, or v4 to v6.
A stateful firewall is only necessary for 1 to many translation, but can be part of a 1 to 1 implementation.
And yes, it can be used to increase security, especially if you don't have a standalone firewall (or load balancer) appliance.
And even the cheapest consumer routers (or modems) have stateful firewalls built into them these days, Linux core and free firewalls and all.
NAT without a firewall is a network without a firewall. Any security benefit is an accident, not by good design.
Yes and No. With a proper firewall, no one can scan your network for devices as it should only allow incoming traffic through that is a reply to outgoing traffic. But, sites you visit from IPV6 devices would show their full IPV6 unique ID on your network -- so say... Facebook or Netflix might know exactly how many devices you have at your home that you use to connect to their services.... BUT, they really know this anyway because they scan for device IDs, browser fingerprinting, etc.
NAT is a hack and n
It makes NAT overload option rather than mandatory
> anonymization about which device beyond the firewall is using a service.
You're not really hiding anything. Between user agent strings, cookies, etc., the trackers know one device from another. In fact since most web access is from mobile devices these days, and mobiles get new IPs all the time, IPs aren't used much for tracking anymore anyway.
Because IPv4 lacks enough addresses, you're pretty much forced to use only one IP for all of your devices. That's a hack and while it works well enough most of
This. Exactly.
Also, with IPv6's extension header system, you can theoretically even route right through a NAT, completely neutralizing its most significant disadvantage, as long as the NAT in the middle recognizes and handles the extension, and the session layer on the remote machine that may need to be able to route a raw IP packet to an otherwise undetectable IP address knows to add the extension to the appropriate outgoing packets.
NIGERIA, not America, but hey, cool you were able to work Trump AND Linux into your contribution, we all got just a little bit dumber after reading your comment.
Hard to support
Not every level 1 helpdesk jockey in India making $5/hr can do IPv6 subnetting in their heads to fix connectivity problems
Nobody can remember all those hex digits.
You control at least the last 64-bits. This doesn't have to be unworkable if you don't want it to be. Add in zero compression, representations as hex and factor in ability to get creative with your 64-bits.
I found it somewhat more difficult to remember prefix but not significantly more.
Easier to derive hostnames from rest of the bits available to you if you use a consistent/creative numbering scheme.
For those who work at large shops/ISPs it's likely even easier because you likely control the last 96-bits.
Extreme example of IPv6 not being difficult to remember is Sprints website... 2600 Hz... http://2600/ [2600]
Why does
./ have to butcher everything? http : // [2600::]
Why? The problem is not in America but in Nigeria. America is the #2 country in IPv6 adoption, [akamai.com] just behind Belgium, so we're not exactly lagging behind the world. Or, are you suggesting that Americans need to pay more to help out Nigerian 419 scammer princes?
Government is way overkill for this.
Want to improve AAAA adoption? Easy. Google gives you a ~5% PageRank boost for working dual-stack on your server. Like they already do for SSL, ARIA accessibility, and mobile-friendliness.
Nothing would move the IPv6 needle faster.
The US government should facilitate the move from IPv4 to IPv6 by starting to tax or apply a fee for each IPv4 (with no IPv6 address) address in usage -- and increase that fee each year until it encourages the movement off of IPv4.
That is among the dumber things I've read today, but granted I haven't spent that much time on-line today.
The tax code shouldn't be used as a cudgel to control behavior, it is a tool designed to fund the operation of the [Federal|State|Local] government. To what purpose would the proceeds of this tax be applied? Buying IPv6-complaint routers for public K-12 schools? Subsidize Internet connections for low-income/inner-city residents? What?
C'mon Editors
Agreed, too many/most Slashdot readers simply read the headline and then try and blame some combination of the following:
a) Ajit Pai
b) Donald Trump
c) Republicans
d) Comcast, Verizon, etc
e) Windows/Microsoft
IPv6 is my preferred protocol now
I know it is cool here to hate on Comcast but my cable modem service supports it so easily now that I don't see any barrier's to adoption.
I used to use one of my Apple Time Capsules (so shoot me) for my router but when I needed better VPN service I got a $35 Mikrotik and made that the gateway router and the Time Capsules are now bridge-mode Wifi access points behind that.
Fast forward a couple of years and I hear about Comcast has IPv6. I found out that my Mikrotik needed an upgrade for IPv6 support but that was surprisingly painless. Once you have that and turn it on the router gets your IPv6 address assignment from the upstream DHCPv6 server Comcast runs. That gives you a 64-bit "address pool" (which is what Mikrotik calls it) and without doing anything else all your household devices get an IPv6 address according their own capabilities.
Comcast did it right, but you still need the right router software on your end. The Time Capsules didn't cut it but the Mikrotik router did. I can't speak for other products because the router worked and there was no need to try anything else.
Windows no problem. MacOS no problem. Smart phones, TV, cams and all the other junk no problem.
The only reason you need IPv4 at all is because there are still a LOT of servers and services out there that can't be reached by IPv6. But I have had no issue with Safari, Chrome, or Firefox or any other networking application.
The payoff for me is that I run a fair number of VMs out in the cloud. My co-location host is reasonably OK with giving me IPv4 addresses when I need them but now I don't even bother assigning an IPv4 address to a system unless it is for public access. IPv6 straight from my system at home to the VM out there.
Fringe benefit: The public IPv6 addresses, at least those that don't have well-known AAAA DNS records, don't get constantly assailed by bots with dictionary attacks.
Gripe: XenCenter doesn't support IPv6 for management. And it is a mess to try and install a mitigating tool like fail2ban in the XenServer hypervisor. What a pain.
That's my take anyway.
Yep, Comcast did it right:
Between me and Comcast, we're predominantly doing ipv6:
Your IPv4 address on the public Internet appears to be 73.187.x.y
Your IPv6 address on the public Internet appears to be 2601:982:8202:e17x:y:z:z
Your Internet Service Provider (ISP) appears to be Comcast Cable Communications, LLC
Since you have IPv6, we are including a tab that shows how well you can reach other IPv6 sites. [more info]
HTTPS support is now available on this site. [more info]
Your DNS se
Two days ago I got my wife's store provisioned with a Comcast business internet (there was no other provider) with 5 static addresses. They provided an envelope with the static address range hand written on it for *only for IPv4*. They also got the addresses wrong and the they had not set the routes up, so nothing can route to those addresses anyway.
The installer who came said a couple of things that were obviously untrue about the address range available on the router's switch and then admitted to not unde
Comcast did it right
>Comcast did it right
Bullshit. They can't even set up a static address range.
Don't confuse architectural design and their overall design with everyday low-level ineptness. Haven't you seen the ads for Comcast techs: "...no experience necessary?" You said it yourself, "...the installer who came" not "the network engineer who came....."
Don't confuse the two.
just need a truck and tools to be an 1099'er for comcast in the past they did even do background or DMV checks.
Please turn off "Smart Punctuation" on your iPhone. Google it. It's Slashdot, I shouldn't have to spoon-feed you a URL, should I?
Oh wait, I forgot, I DO need to spoon-feed you a URL - well, here you go: http://lmgtfy.com/?q=disable+smart+punctuation+ios [lmgtfy.com]
The least common denominator (Score:2)
has applications beyond elementary school math.
Next story.
Please take a moment and disable smart punctuation - http://lmgtfy.com/?q=disable+s... [lmgtfy.com]
how to make a terrrorist time bomb
Stay with IPv4 and don't upgrade the world's networks to IPv6.
Why are there so few ipv4 addresses?
A bit of both. First, back when the Internet Protocol was created, there weren't 4 billion people on Earth let alone 4 billion devices that needed to be connected to a network. Secondly, handling and transmitting 128-bit identifiers would have been a bit much for the computers and networks of that era.
So, as I said, very few (if any) people thought the internet would get as big as it is and systems 30 to 40 years ago wouldn't have been able to handle IPv6 the way systems now can.
Products within a company. Everything gets a ip so it can be scanned and more product arrives just in time.
What's the benefits of v6?
I just checked that test URL. 10/10. Nice xmas surprise. I run a couple of popular websites (Amazon EC2's running Ubuntu) so I could add IPv6 easily. But why?
What's the upside to IPv6 for a website? Better Google page ranking? Security? Faster page load? Others?
It's been years since I've worked on IPv6, I was one of the small team who wrote the IPv6 stack for Cisco's high end routers.
So I know the protocol - sort of. It was still in flux back then (15 years ago) with the IETF.
Can someone bring me up to date
Please, turn off smart punctuation - http://lmgtfy.com/?q=disable+s... [lmgtfy.com]
apps should PREFER IPv6
If IPv6 is not available, so be it. BUT, by moving Chrome, Firefox, etc to 6, it will only hasten the move.
Lord a-mercy!
How will the Nigerian economy keep up with the western world without a timely shift to IPv6!
/sarcasm
Seriously, it's Nigeria...
Nigeria
