Slashdot over IPv6

fuzzel writes "Even though Slashdot has run a number of articles about IPv6 (1|2|3) it apparently isn't reachable over IPv6 directly. But for the people that do already have IPv6 they can use http://slashdot.org.sixxs.org and they will be automaticaly gatewayed. This trick works for most sites by simply appending .sixxs.org to the domain part of a url, eg http://www.google.com.sixxs.org, the gateway will the rewrite url's to have it appended automatically so that everything goes over IPv6. Full information is available on http://ipv6gate.sixxs.net. Oh and yes if you don't have IPv6, those domains under sixxs.org won't work :)"

either I don't have IPv6, or..

uh.. or it could just be slashdotted :P uhm, wait..
I don't know.

Oh great...

[magickalhack]

"And in other news, Slashdot managed to bring down the entire IPv6 network today..."

I'll guess I'll admit it..

[Longinus]

I'm not entirely clear on why IPv6 such a cool/neccesary thing. As far as I, in my limited knowledge, know, IPv6 will allow for more IP address, but is that it? I'm not questioning its usefullness, but am simply curious if there are any other benefits that come along with IPv6.

Re:I'll guess I'll admit it..

[Aussie]

try this link

Re:I'll guess I'll admit it..

[Jugalator]

There are several other benefits to IPv6 IETF is implementing while they are updating the protocol. They don't wish to do it too often for obvious reasons and will try to get as much useful stuff in the new version while they're at it.

IPv6...

- ... will support IPSec intrinsically to provide end-to-end security on protocol level.

- ... eliminates the need of NAT with special "local" addresses.

- ... supports QoS features.

- ... supports multihomed devices and load balancing, since an IPv6 address specifies a network interface, not a computer as in IPv4.

- ... uses "modularized" headers where only the necessary fields are used. This essentially makes IPv6 more optimized than IPv4. For example, if the payload of a packet is larger than 64KB, IPv6 will attach another field for "jumbo payloads" and set the 16-bit value to 0.

- ... contains improved multicast support (as an extension header), support for an authentication header (also an optional extension header), and an encryption header (also an optional extension header).

- ... provides enhancements for DNS.

- ... provides automatic neighbor discovery which is especially useful for ad hoc networks and wireless devices.

- ... has a completely rewritten adress autoconfiguration.

See also:
IPv6: The Promise, The Problems, The Protocol
RDC 2373

Re:I'll guess I'll admit it..

[Max+Romantschuk]

IPv6 will allow for more IP address, but is that it? I'm not questioning its usefullness, but am simply curious if there are any other benefits that come along with IPv6.

For one thing I've understood that IPv6 will make routing possible without keeping track crazy amounts of addresses in huge routing tables. IPv& addresses are hierachical, and in a simplified sense work something like this:

country.state.city.area.house.etc.etc...

NOTE: this is not the actual layout... I don't remember the details. But the point is a backbone router only needs to look at the start of the address, and then send the packet "in the right direction" so to speak. The same thing applies longer down the chain.

Would someone who is more enlightened care to explain this in an official manner? ;)

Re:I'll guess I'll admit it..

[BigJim.fr]

The only solution available to provide Internet access to the hosts on the LAN was to use a private non routable subnet and to masquerade it behind the edge router. NAT also allowed some of these hosts to expose services to the outside world. But this solution has a major drawback : it breaks end to end connectivity and thus complicates the offering of many services that the Internet was meant for. Used like that, NAT is an evil kludge.

IPv6 provides a way out. There certainly are many other advantages in the use of IPv6, but end to end connectivity for the masses is what could have the deepest impact. Think about is : when every single workstation has a routable IPv6 address, everyone will have the potential to serve. This is is what the Internet was meant to be, and actually was in the early days.

Re:I'll guess I'll admit it..

[Screaming+Lunatic]

country.state.city.area.house.etc.etc... NOTE: this is not the actual layout... I don't remember the details. But the point is a backbone router only needs to look at the start of the address, and then send the packet "in the right direction" so to speak. The same thing applies longer down the chain. Would someone who is more enlightened care to explain this in an official manner? ;)

Actually, this is done with IPv4 now as well. Originally, IPv4 was split into Class A,B, and C networks. Class A networks were larger blocks of addresses than Class B and C. Class A networks were allocated pretty quickly. So all there are left are Class C network blocks.

If an organization gets a Class C network block, they have to use stuff like NAT and subnetting to uniquley identify each machine in there network and make routing manageable.

These Class C network blocks are dished out geographically now. But the Class A network blocks that were dished out earlier are not being utilized well, because organizations don't have enough machines to fill them out.

That's a pretty shitty explanation. Partly because I forget the number of bits in an IPv4 address that identifies the network and the number that identifies a host. So I can't come up with a good example. But my IPv4 address looks like so: 142.179.xxx.xxx (I'm not gonna give you my exact address)

And my subnet mask: 255.255.248.0

So my (Class C) network is (probably) identified by the first 21 bits. (If my conversion is correct).

Re:I'll guess I'll admit it..

[boaworm]

- ... eliminates the need of NAT with special "local" addresses.

Just a question on this one. I do agree that there will be enough IP addresses that there is no need to use special local addresses. Bit i actually find it very useful. It makes it easy to see where I am located, is it behind NAT, behind a firewall or just through a proxy ?. Currenty I can figure some of this out just by looking at my IP address, but without local IP subnets, things will get more confusing.

And furthermore, i'd say the "end of NAT" is a bit too much. I find it very useful to use a NAT gateway/firewall and put insecure clients behind that. It reduces the need to think secure on the local network. I can for instance export my fileserver data rw onto 192.168 without much consern. Wouldn't wanna do that if they were all "real" IP's.

IPv6 is great and it will allow those who DONT want to be behind NAT to get a "real" IP address, but its not the end of NAT.

Slashdotting...

[Jugalator]

I think sixxs.org just found out the ultimate solution to prevent a site from becoming slashdotted. :-)

IPv6 Slashdotting?

[mikeophile]

Are there enough /.'ers using IPv6 to /. sixxs.org?

If not, then shame on us.

the ironies

[lingqi]

I get a feeling in my gut that says sixxs.org is not as impervious to slashdotting as slashdot itself,

so maybe we will finally be able to slashdot slashdot, or at least the IPv6 gateway,

BUT maybe there are not enough slashdotters using IPv6 to be able to connect to the IPv6 slashdot in order to slashdot slashdot's IPv6 gateway,

and... [head explodes]

the rewrite url's what?

[tamnir]

the gateway will the rewrite url's to have it appended automatically so that everything goes over IPv6.

I think I get the general idea, but it took me some time. Funny how a couple of spelling mistakes can lead to a quite obfuscated sentence. Anyway, here is what I now think (after checking the site: boggled at that sentence in vain! :) ) that it meant:

the gateway will then rewrite URLs on the pages sent back to your browser, appending automatically the ".sixxs.org". This way, all the links will still go through the IPv6 gateway, letting you transparently surf the web over IPv6!

IPv6 - Chicken and egg ? - no!

[SilverSun]

This whole discussion and the support of IPv6 is completely pointless. There are 101 ways to bridge your IPv6 to IPv4 and the other way round. There is no chicke and egg problem. The real reason why IPv6 is not widely deployed is that nobody really needs it.

This is just like HDTV, yes, it's better, cooler, has nifty features, but the old thing does most of the job for much less money/effort.

With IP this situation 'might' (not necessarily 'will') change with the vanishing IP address space, but I am convinved it's perfectly safe to wait till we get there.

If any ISP really thinks he needs v6 he will just install it. Why should I (as a user) try to convince any ISP to use v6. It's just nothing that matters to me. (Multicast?? ha!) I can tell you, that I (as an ISP) don't even know why I should convince anybody. This whole discussion is probably sponsored by cisco's PR department.

Cheers.

Re:IPv6 - Chicken and egg ? - no!

[TheSunborn]

This is not true, there are real problems getting ip address from Ripe The result is that where I live we got 500 Computers behind a single nat gateway because we can't get an ip to each use. The result is a lousy network.

Re:IPv6 - Chicken and egg ? - no!

[TheRaven64]

but I am convinved it's perfectly safe to wait till we get there.
Good point. Also, I see no reason why we should bother researching renewable forms of energy until we actually run out of oil. After all, the perfect time to solve a problem is when our infrastructure depends on the solution - solving a problem before it's a catastrophe is just wasted effort.

Re:IPv6 - Chicken and egg ? - no!

[sgtrock]

I don't mean this as a slam, really I don't.

However, if you need to host 500 servers and can't figure out how to set up a NAT gateway to support them, maybe you need to hire some competent help.

If you can't figure out how to negotiate a contract with your Internet provider to get the bandwidth that you need, maybe you need to hire some competent help.

If you can't figure out that when you are talking about 500 computers to hide behind a NAT you should be talking to an ISP/bandwidth provider who knows how to sell commercial class services, maybe you need to hire some competent help.

If you are the help, then God help the organization that you work for. In the meantime, I strongly suggest spending a lot of time polishing your skillset, because your next boss won't be as willing to put up with this kind of mess.

Damn Irresponsible

[tanveer1979]

hey Taco. dont you have sense. In this oil scarce world you are going on V6s!!. guys dont listen to these nerds, stay on V4 and save the earth.

Re:Damn.

[fo0bar]

My OS supports IPv6, but my router doesn't. Doubt that my ISP does either. Apparently this will only be truly possible for people with direct pipes (T1, etc.) Or does anyone know of ways around these problems other than nagging my ISP and router manufacturer?

Use a tunnel broker. It lets you tunnel ipv6 connections over ipv4 to another endpoint. Two of the most popular are Freenet6 and Hurricane Electric. Hurricane Electric requires a static ipv4 IP, but Freenet6 works with dynamic IPs.

Tunnel Brokers

[Richard_at_work]

The best way currently to use IPv6 is via tunnel brokers, who give you a range of ips (/64 or /48, both of which will vastly outnumber any number of electrical components in your house).

These work by creating a ipv6 GIF tunnel over ipv4, to a server which has either further tunnels to the 6bone or native connectivity. Once you have this setup (and its preety easy to do on Linux, Windows, and very easy to do on the BSDs) then any ipv6 traffic can be routed automatically. This way you dopnt need to use a gateway, and you can use pretty much any app over ipv6, including ftp, ssh, www, email etc.

Disclaimer: I help run ipng.org.uk, which is a UK tunnel broker, who gives you a /64 (thats 18,446,744,073,709,551,616 distinct ips :) ) and delegates full forward and reverse DNS to you for this range.

Re: Tunnel Brokers

[iangoldby]

These work by creating a ipv6 GIF tunnel over ipv4...

That is just so stupid and typical. Why oh why do we have to put up with this recyling of old and broken technologies, and patent issues to boot? You would have thought that if they are making a fresh start with a new so-called modern protocol, they would at least use a new and modern specification such as, let's say, PNG? Duh!!!!

Re:Tunnel Brokers

[Richard_at_work]

Ignore that, what i meant to say was:

For a complete matrix of ipv6 ranges right down to a /16 and the nubmer of ips in each range, check out powersource, who has a fantastic representation of the scope of ipv6.

Re:Tunnel Brokers

[mikeophile]

Suppose you wanted to replace each cell of your body with a nanodevice.

You're going to need a way to address them aren't you?

Re:Tunnel Brokers

[grolim13]

It makes configuration easier - like DHCP, only without needing DHCP :) Once your router/firewall/gateway machine has an IPv6 address, it broadcasts it the prefix (first 64 bits, IIRC) to the local network. Other machines on the network will configure their own IP address to be the prefix, with their MAC address tacked on the end, and likely set their default gateway to the router.

Re:Tunnel Brokers

[asdfghjklqwertyuiop]

thats 18,446,744,073,709,551,616 distinct ips

Great. Every goddamn atom in your computer has its own bloody IP address. Tell me again why this is important?


It means that every subnetwork in your site can have the same size network. By convention, end customers ("subscribers" is the ipv6 term) are assigned a /48, meaning you get 128-48=80 bits of address space to do with as you please. By convention, the first 16 of those bits are used for your subnet addresses, and the remaining 64 are individual host addresses on those subnets.

To put it in more familiar IPv4 terms, imagine if there were so many IP addresses available that even the smallest sites could be given a class B. Now instead of having to subnet your network into efficiently sized CIDR blocks (eg, the lab upstairs gets 10.123.5.224/28, the billing dept gets 10.123.5.128/27, tech supports dept gets 10.123.5.32/29), you can just say everyone gets a class C (eg, the lab upstairs gets 10.123.5.x, the billing dept gets 10.123.6.x, tech supports dept gets 10.123.7.x). Much easier for humans to work with that way.

To put in in IPv6 terms again, every site gets assigned a /48 (say, 2002:6f2d:9ffe) because the address space really is that big now. By convention, the next 16 bits are for your subnets (eg, the lab upstairs gets 2002:6f2d:9ffe:0001:x:x:x:x, the billing dept gets 2002:6f2d:9ffe:0002:x:x:x:x, tech supports dept gets 2002:6f2d:9ffe:0003:x:x:x:x). When assigning subnets within your site, you only have to keep track of 4th group of bits in the address. See how much easier this makes your life as a network administrator? You can still used small CIDR blocks if you wanted to, but you don't need to. Just giving everyone the same sized subnet is easier for you to work with,

There's also the autoconfiguration thing (host addresses can be assigned based on their NIC hardware addresses, since the IPv6 subnet space is bigger than ethernet address space)...

Re: Tunnel Brokers

[Wesley+Felter]

Tunnel brokers are obsolete; 6to4 is simpler and more efficient.

Re:IPv6 today?

[Richard_at_work]

Its fully usable, and is no longer experimental. There are a number of practical uses, although they vary from person to person. I use a ipv6 range for a number of different reasons, one of which is to protect me from attack when on irc (a ipv6 tunnel is a lot easier and more convenient to drop than your ipv4 connection :) ). The other reason is that you can assign IPv6 ips to machines behind a NAT gateway, and have fully routable addresses, which is handy if your broadband providor doesnt issue you with multiple ips.

Disclaimer: i help run ipng.org.uk, a UK tunnel broker.

Re:IPv6 today?

[Diabolical]

See this link for more info regarding IPv6 and it's advantages in today's networks.

Why the Weird Gateway?

[ewhac]

My limited understanding of IPv6 is that you can deploy v6 addresses locally, and advertise them globally via DNS using AAAA records. You can then talk over the larger Internet using a 6-over-4 tunnel.

Assuming this is correct, why doesn't Slashdot simply advertise an AAAA record, then accept connections through a 6-over-4 tunnel (or natively, if their bandwidth provider can speak it)? What are the technical considerations preventing this from working?

Schwab

Re:Why the Weird Gateway?

[Matty_]

According to Microsoft, this is only supported on Windows XP (just to make it clear to others). They also say that the upcoming Windows 2003 Server will support IPv6, in at least the same state in which XP does.

I think it is still considered "beta" so-to-speak.

US Alternative Tunnel Broker

[fv]

>Disclaimer: I help run ipng.org.uk, which is a UK tunnel broker,
>who gives you a /64 ... and delegates full forward and reverse DNS to you

Great! And for those of us in the States (especially California), Hurricane Electric offers a free tunnel broker with these characteristics that I would recommend.I have been using it for more than 6 months, and find it quite stable. You do lose your /64 if HE can't ping you for 24 hours, but a new one is only a mouse click away. And what kind of geek would leave their computer inaccessible for that long anyway? ;). Initial activation does take a day or so.

-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner

'Have' IPv6???

[jez9999]

But for the people that do already have IPv6 they can use

What exactly does it take to 'have' IPv6? What stuff neds to be upgraded? Application software? OS? Router? Does your ISP need to 'have' or 'support' it? It also seems a hell of a lot more complex to type in an IPv6 address than an IPv4 one, but I guess that only matters if you're not using a domain. Then again, with so many IP addresses available with IPv6 this may be the case, as there won't be nearly enough domains to hold everyone's IP!

I'm sorry that this will sound ignorant, but if I'm asking the question and I'm not exactly dumb, it's no wonder all the AOLers aren't using IPv6! I don't even know how you use it, and there are barely any servers using it either, no?

Re:'Have' IPv6???

[WWWWolf]

What exactly does it take to 'have' IPv6? What stuff neds to be upgraded? Application software? OS? Router? Does your ISP need to 'have' or 'support' it?

OS and applications. Many operating systems already do support IPv6, as do many applications (Mozilla does, at least, as does many IRC clients because there's distinct benefits.)

Router/ISP level support is Nice To Have, but there are tunneling servers that enable IPv4 sites to talk IPv6.

As far as setup woes go, my setup was as easy as 'apt-get install freenet6' =)

Re:'Have' IPv6???

[JayJay.br]

For an IPv6 network to work, all hosts need to be aware of IPv6. That would be "native IPv6" (not sure about the term, but you get the picture!). That is, you need your ISP/OS/Routers/whatever is in the middle to know IPv6.

You could also tunnel IPv6 over IPv4, so two ends could communicate using IPv6 in a v4 network.

Or, you could use a gateway, like sixxs.org. There is some info in the link supplied in the article, but if you want the big stuff, please RTFRFC 2460!

HTH!

Ipv6 is great

[johnburton]

I have a few machines at home and things like a tivo and a Zaurus that need IP addresses. Ideally they all should have proper routable IP addresses so the internet can be used as it is intended. Luckily my ISP (Andrews & Arnold) provide as many IP adresses for my ADSL as I want for no extra cost. But I'm still limited to 5 usable addresses. But they also provide Ipv6 access to the internet and give you a range of addresses. But instead of five addresses I get a whole /64 range which is 2^64 usable addresses. Anyway, if anyone in the UK wants ADSL and to use IPV6 I can recomment A&A as an ISP for this

Re:IPv6 today?

[Erik+Hensema]

An IPv6 address is 128 bits long. Of these 128 bits, 64 bits are reserved for the host part. Usually it's a somewhat mangled version of your ethernet MAC address (a router will broadcast a prefix, and client machines will simply append the mangled version of their MAC to the prefix -- this is called autoconfiguration).

This means you need a /64 subnet on each segment.

Usually providers will assign you a /48 addressspace, giving you roughly enough space for 65000 subnets.

Of course these addresses are routable: you don't need NAT and your machines are reachable from the internet.

IPv6 is like the Chicken and Egg story

[lemmen]

Everyone knows the Chicken and the Egg story (which came first), with IPv6 it's the same:

*) IPv6 is ready to deploy, however not much ISP's are supporting IPv6.
*) ISP's are not supporting IPv6 because there are no customers who uses it.
*) Customers aren't using IPv6 because there are no applications who uses it.
*) Software developers aren't creating software because nobody uses it.

As you can see there's a loop. The main thing is to break this loop and this project is a step in the good direction.

I'd like to encourage all ISP's to actively implement and promote IPv6. And you as 'consumer' can also promote IPv6, play with it even when you ISP doesn't support IPv6 yet (with IPv6 Tunnels for example).

Just my 2 cents.

IP6 is too complex for general acceptance.

[Viol8]

Lets face it , unless you've got a Phd in networking chances are that some facet of IP4 routing , setup etc still confuses you. This goes for network admins too. Now multiply the complexity of ip4 by 10 and you get the nightmare that is IP6. I've tried to set up a home ip6 network that linked out to the internet but , oh my god , what kind of idiots invented this system? I'm sorry , but even computer admins are human (yes its true) and we REALLy don't want to have to mess around with 128 bit meaningless entries in routing tables that were complex enough with 32 bits! Yes ip6 does some autocofiguration but someone has to set up the system so that some host does the autoconfig. Ever tried it? Don't , not unless you want to end up in a padded cell. Even networking protocols should be designed for people to be able to use and I'm afraid with ip6 that simply hasn't happened. Back to the dsrawing board guys!

Re:Stupid question...

[flink]

It was an experimental protocol that never made it out of the lab. At least that was what my networking prof in college told me :-P

Re:IPv6 today?

1. There are some things you can't do with NAT. For example, some VPN tunneling solutions can't be used over NAT.

2. What if you want to run a service on the same port on multiple machines. With NAT you can only forward a port to a single machine. With fully routable, there are no problems.

3. What if you NAT an office and some idiot is poking around other peoples networks. With NAT, all you know is that the connection came from your office. With fully routable IPs you may be able to tell whos machine was the culprit.

These are just three. There are many more...

MacOS X and IPv6 and other OSs

[Midnight+Thunder]

Even if your local network infrastructure does not support IPv6, all installations of MacOSX 10.2 have and IPv6 stack. The following is taken from doing an 'ifconfig' at the command line:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULT ICAST> mtu 1500
inet6 fe80::230:65ff:fed6:b164%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:30:64:d6:b2:64
media: autoselect (100baseTX <full-duplex>) status: active

From what I can tell MS-Windows is still a little behind, as can be seen from this page. As for other OSs I am not aware of their support status. If you do know, a reply to this post would be handy to most.

Re:MacOS X and IPv6 and other OSs

[Sentry21]

From what I can tell MS-Windows is still a little behind, as can be seen from this page.

There is an experimental IPv6 stack for Windows 2000 Service Pack 1 (which will not install on 2 or 3), but there will never ever ever in a million billion years be a production-quality stack for Windows 2000, because of issues with people not spending $200 on XP.

XP comes with a development IPv6 stack included on the CD, and Service Pack 1 comes with a production-quality IPv6 stack. Windows 2003 will include a production-quality stack as well, as will CE XP and .NET and any of their other newer OSen.

As much as I disapprove of MS for not bothering to support IPv6 in 2k, and despite knowing why they did it, I still encourage people to upgrade if the choice arises, if for no other reason than you won't have to upgrade again later to support IPv6.

Oh, and write your ISPs.

--Dan

Modified URL format

[Midnight+Thunder]

Because IPv6 numeric addresses use colons as opposed as part separators, the URL syntax has had to be ammended. The following is now a legal URL (the squared bracket isolates the numbered IP addresss, so the port number is not confused with the IP addresss):

http://[66.35.250.150]:80/

Last time I checked this worked with Mozilla but failed will MS Internet Explorer 6.0 on Windows.

The dark lining

[0x0d0a]

- ... supports QoS features.

So does IPv4 -- it's just that no one actually *uses* them.

The main thing that I *really* don't like about IPv6 is that, while it isn't a mandated part of the protocol, it seems that the overwhelming direction being pushed is to make the last 48 bits of your address your MAC address. Which *really* has nasty privacy implications -- 'slike a universal cookie, visible to everyone, that anyone can see (not just http servers).

Re:IPv6 Quick links..

[leoboiko]

I think NetBSD's Introduction to TCP/IP Networking has a pretty good intro about IPv6, even if you do not use NetBSD.

Stop the madness!

[Pii]

You're right about a 21-bits part, but you're butchering the rest of it.

For starters, classful routing on the Internet has gone the way of the Dinosaurs, and good riddance. CIDR saw to that (Classless Inter-Domain Routing), and when BGPv4 became the standard, all was right in the world (Because it implemented CIDR, by carrying Netmask along with the route entries).

In casual conversation today, we still use terms like Class B, or Class C address space, but they don't refer to the actual Classful network boundaries of yore. Today, when someone refers to a Class C address space, they simply mean a 24-bit address space. Likewise, a Class B means a 16-bit (/16) address space.

You say your netmask is 255.255.248.0. This represents a larger address space than a Class C, which has a mask of 255.255.255.0 (or /24).

Your address space is the aggregate of 8 Class C networks. Your network is configured to utilize the first and second octets, and the first 5 bits of the third octet as the network address, leaving the remaining 3 bits of the third octet, and the entire fourth octet as the host address.

That represents a network segment consisting of up to 2048 hosts (Ok... 2046 since you toss the first and last as the network address and the broadcast address.).

In short, your network engineering staff ought to be shot, because damn, that's a really big subnet. There's just no good reason to have that many hosts on a segment.

It's possible that you guys don't have anywhere near that many hosts, but if you do, without even looking, I can tell you that your network is a bit of a show. I hope you have your highly-loaded servers on their own segment, because the number of broadcasts must be tremendous. Even in a switched environment, those broadcasts must be propegated everywhere, and every machine in the network has to stop briefly to examine each and every one.

Your organization should look at some Layer-3 segmentation...

Gateways/caches should _NOT_ change the user agent

[ClarkEvans]

SixXS-IPv6Gate/1.0 (IPv6 Gateway; http://ipv6gate.sixxs.net; info@sixxs.net)


Bad! Many sites go through painstaking effort to be compable with all sorts of user agents, giving plain HTML when one is not recognized. By re-writing the user agent these people prevent this magic. Not good. Instead it should add it's own key/value pair, much like SQUID or other cache/gateway.