Slashdot over IPv6
fuzzel writes "Even though Slashdot has run a number of articles about IPv6 (1|2|3) it apparently isn't reachable over IPv6 directly.
But for the people that do already have IPv6 they can use http://slashdot.org.sixxs.org and they will be automatically gatewayed. This trick works for most sites by simply appending .sixxs.org to the domain part of a URL, e.g. http://www.google.com.sixxs.org; the gateway will then rewrite URLs to have it appended automatically so that everything goes over IPv6. Full information is available on http://ipv6gate.sixxs.net. Oh and yes if you don't have IPv6, those domains under sixxs.org won't work :)"
I think sixxs.org just found out the ultimate solution to prevent a site from becoming slashdotted. :-)
Beware: In C++, your friends can see your privates!
How about a nice, standard way of doing multicasting within the IP stack? Sounds good to me!
oh... And the internet is running short of addresses. That might turn into a problem of course :)
Not Buzzword 2.0 compliant. Please speak english.
try this link
There are several other benefits to IPv6 IETF is implementing while they are updating the protocol. They don't wish to do it too often for obvious reasons and will try to get as much useful stuff in the new version while they're at it.
IPv6...
- ... will support IPSec intrinsically to provide end-to-end security on protocol level.
- ... eliminates the need of NAT with special "local" addresses.
- ... supports QoS features.
- ... supports multihomed devices and load balancing, since an IPv6 address specifies a network interface, not a computer as in IPv4.
- ... uses "modularized" headers where only the necessary fields are used. This essentially makes IPv6 more optimized than IPv4. For example, if the payload of a packet is larger than 64KB, IPv6 will attach another field for "jumbo payloads" and set the 16-bit value to 0.
- ... contains improved multicast support (as an extension header), support for an authentication header (also an optional extension header), and an encryption header (also an optional extension header).
- ... provides enhancements for DNS.
- ... provides automatic neighbor discovery which is especially useful for ad hoc networks and wireless devices.
- ... has a completely rewritten address autoconfiguration.
See also:
IPv6: The Promise, The Problems, The Protocol
RFC 2373
Beware: In C++, your friends can see your privates!
IPv6 will allow for more IP addresses, but is that it? I'm not questioning its usefulness, but am simply curious if there are any other benefits that come along with IPv6.
;)
For one thing I've understood that IPv6 will make routing possible without keeping track of crazy amounts of addresses in huge routing tables. IPv6 addresses are hierarchical, and in a simplified sense work something like this:
country.state.city.area.house.etc.etc...
NOTE: this is not the actual layout... I don't remember the details. But the point is a backbone router only needs to look at the start of the address, and then send the packet "in the right direction" so to speak. The same thing applies longer down the chain.
Would someone who is more enlightened care to explain this in an official manner?
.: Max Romantschuk
Use a tunnel broker. It lets you tunnel ipv6 connections over ipv4 to another endpoint. Two of the most popular are Freenet6 and Hurricane Electric. Hurricane Electric requires a static ipv4 IP, but Freenet6 works with dynamic IPs.
The best way currently to use IPv6 is via tunnel brokers, who give you a range of ips (/64 or /48, both of which will vastly outnumber any number of electrical components in your house).
These work by creating an ipv6 GIF tunnel over ipv4, to a server which has either further tunnels to the 6bone or native connectivity. Once you have this set up (and it's pretty easy to do on Linux, Windows, and very easy to do on the BSDs) then any ipv6 traffic can be routed automatically. This way you don't need to use a gateway, and you can use pretty much any app over ipv6, including ftp, ssh, www, email etc.
Disclaimer: I help run ipng.org.uk, which is a UK tunnel broker, who gives you a /64 (that's 18,446,744,073,709,551,616 distinct ips :) ) and delegates full forward and reverse DNS to you for this range.
See this link for more info regarding IPv6 and its advantages in today's networks.
The only solution available to provide Internet access to the hosts on the LAN was to use a private non-routable subnet and to masquerade it behind the edge router. NAT also allowed some of these hosts to expose services to the outside world. But this solution has a major drawback: it breaks end to end connectivity and thus complicates the offering of many services that the Internet was meant for. Used like that, NAT is an evil kludge.
IPv6 provides a way out. There certainly are many other advantages in the use of IPv6, but end to end connectivity for the masses is what could have the deepest impact. Think about it: when every single workstation has a routable IPv6 address, everyone will have the potential to serve. This is what the Internet was meant to be, and actually was in the early days.
This is not true, there are real problems getting IP addresses from RIPE. The result is that where I live we got 500 computers behind a single NAT gateway because we can't get an IP to each user. The result is a lousy network.
>who gives you a
Great! And for those of us in the States (especially California), Hurricane Electric offers a free tunnel broker with these characteristics that I would recommend. I have been using it for more than 6 months, and find it quite stable. You do lose your /64 if HE can't ping you for 24 hours, but a new one is only a mouse click away. And what kind of geek would leave their computer inaccessible for that long anyway? ;) Initial activation does take a day or so.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
I have a few machines at home and things like a TiVo and a Zaurus that need IP addresses. Ideally they all should have proper routable IP addresses so the internet can be used as it is intended. Luckily my ISP (Andrews & Arnold) provide as many IP addresses for my ADSL as I want for no extra cost. But I'm still limited to 5 usable addresses. But they also provide IPv6 access to the internet and give you a range of addresses. But instead of five addresses I get a whole /64 range which is 2^64 usable addresses.
Anyway, if anyone in the UK wants ADSL and to use IPv6 I can recommend A&A as an ISP for this
Sig is taking a break!
Actually, this is done with IPv4 now as well. Originally, IPv4 was split into Class A,B, and C networks. Class A networks were larger blocks of addresses than Class B and C. Class A networks were allocated pretty quickly. So all there are left are Class C network blocks.
If an organization gets a Class C network block, they have to use stuff like NAT and subnetting to uniquely identify each machine in their network and make routing manageable.
These Class C network blocks are dished out geographically now. But the Class A network blocks that were dished out earlier are not being utilized well, because organizations don't have enough machines to fill them out.
That's a pretty shitty explanation. Partly because I forget the number of bits in an IPv4 address that identifies the network and the number that identifies a host. So I can't come up with a good example. But my IPv4 address looks like so: 142.179.xxx.xxx (I'm not gonna give you my exact address)
And my subnet mask: 255.255.248.0
So my (Class C) network is (probably) identified by the first 21 bits. (If my conversion is correct).
An IPv6 address is 128 bits long. Of these 128 bits, 64 bits are reserved for the host part. Usually it's a somewhat mangled version of your ethernet MAC address (a router will broadcast a prefix, and client machines will simply append the mangled version of their MAC to the prefix -- this is called autoconfiguration).
This means you need a /64 subnet on each segment.
Usually providers will assign you a /48 address space, giving you roughly enough space for 65000 subnets.
Of course these addresses are routable: you don't need NAT and your machines are reachable from the internet.
This is your sig. There are thousands more, but this one is yours.
OS and applications. Many operating systems already do support IPv6, as do many applications (Mozilla does, at least, as do many IRC clients because there are distinct benefits.)
Router/ISP level support is Nice To Have, but there are tunneling servers that enable IPv4 sites to talk IPv6.
As far as setup woes go, my setup was as easy as 'apt-get install freenet6' =)
For an IPv6 network to work, all hosts need to be aware of IPv6. That would be "native IPv6" (not sure about the term, but you get the picture!). That is, you need your ISP/OS/Routers/whatever is in the middle to know IPv6.
You could also tunnel IPv6 over IPv4, so two ends could communicate using IPv6 in a v4 network.
Or, you could use a gateway, like sixxs.org. There is some info in the link supplied in the article, but if you want the big stuff, please RTFRFC 2460!
HTH!
It was an experimental protocol that never made it out of the lab. At least that was what my networking prof in college told me :-P
IPv6 information:
http://www.ipv6.org/
IPv6 for Windows:
http://www.microsoft.com/ipv6
http://research.microsoft.com/msripv6/
IPv6 for Linux:
http://www.bieringer.de/linux/IPv6/
IPv6 for Mac:
http://lists.apple.com/mailman/listinfo/ipv6
IPv6 for Java:
http://java.sun.com/j2se/1.4/docs/guide/net/ipv6_guide/
1. There are some things you can't do with NAT. For example, some VPN tunneling solutions can't be used over NAT.
2. What if you want to run a service on the same port on multiple machines? With NAT you can only forward a port to a single machine. With fully routable, there are no problems.
3. What if you NAT an office and some idiot is poking around other people's networks? With NAT, all you know is that the connection came from your office. With fully routable IPs you may be able to tell whose machine was the culprit.
These are just three. There are many more...
Even if your local network infrastructure does not support IPv6, all installations of MacOSX 10.2 have an IPv6 stack. The following is taken from doing an 'ifconfig' at the command line:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::230:65ff:fed6:b164%en0 prefixlen 64 scopeid 0x4
    inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
    ether 00:30:64:d6:b2:64
    media: autoselect (100baseTX <full-duplex>) status: active
From what I can tell MS-Windows is still a little behind, as can be seen from this page. As for other OSs I am not aware of their support status. If you do know, a reply to this post would be handy to most.
Jumpstart the tartan drive.
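The autoconfiguration step described earlier in the thread (router prefix plus a "mangled" MAC) and the `inet6 fe80::...` line in the ifconfig output above can be worked through in both directions. This is an added example, not code from any poster; the `2001:db8:1:2::/64` prefix is a constructed documentation prefix and the function names are hypothetical.

```python
import ipaddress

def mac_to_interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                      # invert the universal/local bit
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from an advertised /64 prefix and its own MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration needs a /64 on the segment")
    return net[mac_to_interface_id(mac)]

def recover_mac(addr: str):
    """Reverse the mapping: return the embedded MAC, or None if the
    interface identifier is not EUI-64 derived (e.g. manual or random)."""
    plain = addr.split("%")[0]          # drop a zone suffix such as %en0
    iid = (int(ipaddress.IPv6Address(plain)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    # Link-local address exactly as it appears in the ifconfig output above.
    print(recover_mac("fe80::230:65ff:fed6:b164%en0"))
    # Same interface identifier under a constructed global prefix.
    print(slaac_address("2001:db8:1:2::/64", "00:30:65:d6:b1:64"))
```

Because the lower 64 bits stay the same under every prefix the host joins, an address built this way identifies the network card to any remote peer or log that records it.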
According to Microsoft, this is only supported on Windows XP (just to make it clear to others). They also say that the upcoming Windows 2003 Server will support IPv6, in at least the same state in which XP does.
I think it is still considered "beta" so-to-speak.
For starters, classful routing on the Internet has gone the way of the Dinosaurs, and good riddance. CIDR saw to that (Classless Inter-Domain Routing), and when BGPv4 became the standard, all was right in the world (Because it implemented CIDR, by carrying Netmask along with the route entries).
In casual conversation today, we still use terms like Class B, or Class C address space, but they don't refer to the actual Classful network boundaries of yore. Today, when someone refers to a Class C address space, they simply mean a 24-bit address space. Likewise, a Class B means a 16-bit (/16) address space.
You say your netmask is 255.255.248.0. This represents a larger address space than a Class C, which has a mask of 255.255.255.0 (or /24).
Your address space is the aggregate of 8 Class C networks. Your network is configured to utilize the first and second octets, and the first 5 bits of the third octet as the network address, leaving the remaining 3 bits of the third octet, and the entire fourth octet as the host address.
That represents a network segment consisting of up to 2048 hosts (Ok... 2046 since you toss the first and last as the network address and the broadcast address.).
In short, your network engineering staff ought to be shot, because damn, that's a really big subnet. There's just no good reason to have that many hosts on a segment.
It's possible that you guys don't have anywhere near that many hosts, but if you do, without even looking, I can tell you that your network is a bit of a show. I hope you have your highly-loaded servers on their own segment, because the number of broadcasts must be tremendous. Even in a switched environment, those broadcasts must be propagated everywhere, and every machine in the network has to stop briefly to examine each and every one.
Your organization should look at some Layer-3 segmentation...
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
Remember, --state ESTABLISHED,RELATED means that you're protected by exactly the same connection tracking code as you are with NAT. And, by eliminating NAT, you're no longer breaking the end-to-end nature of IP.
\\'
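The claim above, that a state-matching rule gives routable hosts the same inbound protection as NAT, can be seen in a small model of connection tracking. This is an added example and a simplification, not netfilter's code and not from the poster: it tracks only ESTABLISHED replies (RELATED traffic such as ICMP errors is not modelled), and all addresses, ports and names are constructed.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Forwarding policy: LAN hosts may open flows outward; inbound packets
    pass only if they are the reply half of a tracked flow."""

    def __init__(self, lan_prefix: str):
        self.lan = ipaddress.IPv6Network(lan_prefix)
        self.flows = set()              # outbound packets seen, by 4-tuple

    def _inside(self, addr: str) -> bool:
        return ipaddress.IPv6Address(addr) in self.lan

    def forward(self, p: Packet) -> str:
        if self._inside(p.src) and not self._inside(p.dst):
            self.flows.add(p)           # NEW outbound flow: remember it
            return "ACCEPT"
        # An inbound packet is ESTABLISHED only if swapping its endpoints
        # yields a flow that a LAN host opened earlier.
        if Packet(p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT"
        return "DROP"

def demo():
    fw = StatefulFilter("2001:db8:1:2::/64")        # constructed LAN prefix
    host, server = "2001:db8:1:2::10", "2001:db8:ffff::80"
    return [
        fw.forward(Packet(host, 40000, server, 80)),   # outbound request
        fw.forward(Packet(server, 80, host, 40000)),   # matching reply
        fw.forward(Packet(server, 80, host, 22)),      # unsolicited probe
    ]

if __name__ == "__main__":
    print(demo())
```

No address is rewritten at any point, so the host keeps its own routable address end to end while unsolicited inbound packets are still dropped.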
NAT does not add any kind of security in your network. It only adds potential security trouble and administration issues.
... it is much more simple to monitor !
... but solving stuffs on one hand it adds headaches and flaws on other.
Having no NAT under IPv6 does not prevent you from having a firewall. But because there is no more trouble with not routable services, DMZ address plan, etc
IPv6 does sign the end of NAT. And no, there is no good reason a NAT should be kept on a LAN if you can go IPv6. NAT was just built to solve several IPv4 issues regarding address plans and IP shortages
"you have exactly the same level of security as you do with NAT"
Not completely, as NAT also removes information about the NATted network. How many hosts are there? Which of the hosts behind the firewall is this?
NAT is also partly a privacy tool, which (at least) gives the feeling of better security. Not just filter out the packets that don't seem related to an established connection, but also filter out all information that the receiver does not absolutely need.