Slashdot Mirror
Free IPv6 Subnets Are Going Away
ar32h writes "The 6bone is going to be phased out soon.
This means all of us who have IP addresses or subnets beginning with 3ffe from tunnel brokers like Freenet6 are going to be sorry out of luck." According to the linked phaseout plan, "It is anticipated that under this phaseout plan the 6bone will cease to operate by July 1, 2006, with all 6bone prefixes fully reclaimed by the IANA," but there are a number of sub-deadlines along the way.
Oh wait...
A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
I used a 3ffe prefix a few years ago to get acquainted with IPv6. These days, my JANET provided tunnel serves me well. Performance to a lot of 6bone networks has been deteriorating with all the free subnets they have been allocating.
"...by July 1, 2006, with all 6bone prefixes fully reclaimed by the IANA," but there are a number of sub-deadlines along the way."
would it not be more useful to name the closest deadline, not one three years away!?
mmmm pissed @ boathouse chester.
the IANA giveth, the IANA taketh away. Are they running out of addresses already?
You can get free IPv6 subnets using the much more efficient 6to4. 6bone isn't needed any more; that's why it's being phased out.
2006? Who cares, we will all have jet cars by then...
Hurricane Electric also provides free IPv6 tunnels...I used one to play around with IPv6, but tunnels seem to have fairly high latency.
Are they afraid they're gonna run out of IPs or something?
the 6bone network was a TEST NETWORK, if you didn't fully expect this TEST NETWORK to go away after a while, you are just plain delusional.
Here's the relevant text, snipped from the TOP of the memo (i.e. you didn't even have to read MUCH of it.)
The 6bone was established in 1996 by the IETF as an IPv6 Testbed network to enable various IPv6 testing as well as to assist in the transitioning of IPv6 into the Internet. It operates under the IPv6 address allocation 3FFE::/16 from RFC 2471. As IPv6 is beginning its production deployment it is appropriate to plan for the phaseout of the 6bone.
So, please, please, PLEASE stop complaining about something that was supposed to be going away from the very beginning!!!
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
refer to RFC 2471, which established the current address allocation: "These addresses are temporary and will be reclaimed in the future."
And why are they closing the 6bone? "As IPv6 is beginning its production deployment it is appropriate to plan for the phaseout of the 6bone."
They're just cleaning up from the testing phase so they can move into official use. It's only a step backwards if you consider the end of a beta test a step backwards.
6bone? Oh my, i've slipped onto one of those sites again! /me closes before mum walks in
ARIN is the reason there are no more IP addresses. Their polices don't allow small compaines any way to dual home and their stupidity results in lots of compaines getting far more addresses than they need. Did you need more than a /24? I know you got more because they can't dish out any less than /22 or so now.
I think that ARIN should start a policy that for any new allocation, 1/16 must be dual homeable. These addresses would be dual allocated to two ISPs at the same time and that any large ISP that needs more address space must set up agreements with other ISPs. This would force them to change from the model they use now to one with more cooperation.
Right now I need 16 address that can be routed via either NTT or Telstra but to get 16 with ARINs model, I have to pay then too much and then they give me far more addresses that I will ever use.
first time i read it as "I am not anal"
;-)
Or, if you're a sci-fi nerd liking Isaac Asimov, you'd read IANAL as "I, Anal".
Beware: In C++, your friends can see your privates!
Yes 6bone itself is going away, which means the 3ffe::/16 address allocation is going to be reclaimed down the road. What this means is tunnel brokers like freenet6 are just going to need to get a new address allocation. There are a number of tunnel brokers already using other addresses, mainly under 2001::/16. So for all the posters who are going all doom and gloom, get a clue, wait, this is slashdot.
I wish people would *read* the articles first and *understand* what they mean before blathering on about them.
-AS
You do realize that you can get a block of IPs from one of your ISPs, and if they are willing, they will SWIP it to you, assign you an ASN, and you can do BGP between the main ISP (that the IPs belong to) and any other ISP that will do BGP with you.
/20 as of 1998 i believe it was)
/20 or more, you are suppost to buy the block from ARIN directly.
:)
/24 of theirs on its own ASN, and tell the other ISPs you use to route over the whole block. /28 out of that, your more than welcome to. /24, it would be more wasteful to leave them unused than to simply route them to you in the first place.
Even if your link to the main ISP goes away, your IPs that belong to them will still route through the other ISPs you have connections to.
This is how you are suppost to get IP space and multihome for small blocks of IPs. (Small being under a
If you need a
In their contract, it actually states you have a years time to renumber your networks and give the ISPs IP space back to them, and use only your ARIN space. If you dont give the ISPs space back, you are in voilation of your contract.
But the whole reason that is there is because getting an ARIN block of IPs is an upgrade path from your large block of ISP IPs.
Both can still do BGP just the same.
Also to get an ARIN block, you must be multihomed already. That in itself should tell you you can multihome without their help
The main problem is, alot of routers are configured to ignore routes smaller than a C class (/24) so if you got less than that, they cant garentee all backbones over the world will have routing table entrys for their customers/transiant trafic to find your network.
Any backbone that used such filters would never route traffic to you, either from their customers, or from anyone that has to route packets through them.
Backbones do this because they do not want to buy memory for lots of routers. This has nothing to do with ARIN.
Some nicer ISPs will still do BGP with you on very small blocks of IPs, but as a large chunk of the net wont see you.
The only way to solve this is for the main ISP to mark a whole
If you want to subnet just a
But as the ISP cant use any of the other IPs in that
What? You are not a what?!
Computers are useless. They can only give you answers.
-- Pablo Picasso
I don't think you know what you're talking about.
The IPv6 protocol declares that extension options are end-to-end, meaning that in-between nodes do NOT look at any of the options headers. The ONLY exceptions are the Hop-by-Hop option header, the Routing header, and the Destination options header.
Packet fragmentation and reassembly are ONLY done by the source and destination nodes. (Yes, the underlying link may do fragmentation, but that is entirely the problem of the layer below, IPv6 does not care...) The IPv6 header area - which includes the Hop-by-Hop header, Destination options, and Routing headers, if present - is considered UNFRAGMENTABLE.
You need to re-read RFC 2460.
Brandon Hume
hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
ON TOPIC: It reminds me when I was a kid and our neighborhood was being built over a period of several years. It wasn't one of those circuit neighborhoods where they develop three floor plans and build 1000 identical homes. This was a neighborhood where you bought the land and were then responsible for buying your own floorplan and/or hiring an architect to design or modify one for you. We had lived there for a number of years, and during that time, my friends and I had turned some abandoned lots, still covered with trees "in the wild", into our "clubhouse." It was really cool. We had put together these cheezy, sloppy little shacks with all kinds of construction leftovers from other parts of the neighborhood, like 2x4s and pieces of thrown away plywood. It was probably dangerous--these things could have toppled over on our heads because they certainly weren't nailed in place. But we were kids, so who cared? There was even a small crater where a four-seater airplane crashed some years before, and that was our "punishment hole." If all the kids voted that one of the kids was a troublemaker or a bully or something, then when that kid came outside to play, he had to sit in that pit all day without being allowed to play with the rest of us, and this had to go on for a specified number of days. (Nobody ever got sentenced to that punishment though.) It was really cool, and this went on for a number of years. One day, we go to our "clubhouse" to find that all our stuff was taken down and there was a big bulldozer knocking over all the wild foliage. They had already taken down a few of the trees and were in the process of clearing the rest of the land to begin construction of a house. Of course, I was a kid and didn't understand these concepts, so I remember running home to my parents and yelling that someone was tearing down our clubhouse! They explained that this land had belonged to someone throughout all the years that we had used it as a clubhouse but they just now got around to developing it. So how come we were being kicked out, I asked... My parents said, "You should be happy that they let you use that land for all this time, instead of complaining that you're being kicked out!"
That's what I have to say about this 6bone. Don't bitch about getting kicked off. Be grateful that you had the 6bone at your disposal for about six years. And then drink Negra Modelo, get drunk, and feel no pain.
Currently the internet uses IP protocal version 4. Version 6 is supposed to fix some of the problems of ipv4. Notable among these is the larger address space (128 bits instead of 32... actually I seem to recall that this may also have changed in the spec to an expandable scheme(?)), and things like QoS.
The biggest problem is that none of the primary routers support it. Network providers aren't interested in the expense and difficulty of upgrading, and hence aren't buying the new equipment and software required. Others are waiting for the equipment and software to become more common. In turn, product and software manufacturers aren't terribly interested in it until they get orders. Others are waiting for everyone else to use it (and be the Guinea pigs).
A "chicken and egg" situation.
The Internet has some serious problems that need fixing, but it also has way too much inertia to allow change to occur.
why do you think that ip6 is going to remove the necessity of NAT? I've seen several network installations that use 1-to-1 NAT. This configuration does not cause anywhere near the number of problems that you are thinking of. I can even think of one site that used 1-to-1 NAT twice on the same network block. Once to go from public IP to a private range, and then on the other side of the network another router did 1-to-1 NAT back to the packets' original IP.
Not to mention that many users of consumer level NATing devices (Cable/DSL routers) do so for financial reasons, not out of necessity. Why pay your ISP for another IP address when you can run upwards of 200 machines on the one you already have.
My spouse works for the cable co, so I get free cable modem service, but I only have 1 IP because I'd rather not play the dhcp game with every machine on my home network, praying that they stay within the same subnet so they can talk to eachother directly. Plus, I don't like the idea of all of my local traffic being bridged to the NOC just because the modem firmware doesn't know any better.
Guys, there are a lot of misconceptions about IPv6. I appreciate this - it's not an intuitive subject, and it's possible to believe you know a lot more about it than you actually do. But, the details are there. Please do the reading and start asking your ISP for connectivity. No, your real ISP. There are people out there who want to deploy this, now, and we're waiting for customer demand. Go nuts!
Dave
Note that any single IPv4 address can be used to claim a /48 -- that's 80 bits of address space -- of IPv6 address space by sticking 2002: in front of it, e.g. 192.0.2.69 -> 2002:c000:0245::/48. This is called 6to4; see RFC 3056.
Sources please!
*cough* two core routers dual-stacked where I work, one scheduled for next wednesday, the rest to follow in the weeks following. Abilene supports IPv6 natively. CA*net supports IPv6 natively. SURFnet supports IPv6 natively. IPv6 traffic exchanged at LINX and AMSIX. NTT Europe launched commercial IPv6 service in Europe on 19th February.
Btw. Any chance you could ask your ISP for IPv6 connectivity? From your post it sounds like they could do with some customer demand. :)
i have heard of ipv6 and have a vague idea of what it is, but could someone elaberate?
A revision of IPv4. The big things it adds (well, that I care about) are:
* More QoS stuff. No one used the IPv4 stuff that was already there, but maybe someone will change their mind, and we'll have tiered bandwidth packages someday ("I want 50 megs of high-prio data/week, 5 gigs of regular/week, and 50 gigs of low-prio data/week...if I exhaust my quota, just kick the packets down to the next prio level")
* IPSec built in. All connections can be encrypted, if both hosts feel like it.
* Bigger address space. This lets organizations get rid of stupid shit like DHCP/bootp with non-static IPs and NAT. Basically, everyone who wants one can have a static address.
We aren't using it all over because Cisco routers are overpriced, and companies that spent lots of money on an IPv4 router don't want to do the same for an IPv6 router. It is not used much in the US, because of the huge address space allocated to the US. IPv6 is more commonly used in Japan. There are also a number of people tunneling networks of IPv6 machines together over IPv6, which is what things like the 6bone were designed to do.
There aren't really any downs to IPv6 other than the replacement costs. Possibly privacy issues -- there's been interest in using your MAC address as the last bits of your IPv6 address, which seems incredibly stupid to me -- like one huge, protocol-independent, world-readable cookie, but whatever.
May we never see th
Let me put it this way.
:)
A long time ago, we had a network. It was quite good. It was the phone network. It was great, but it carried voice traffic, and not a whole pile else.
Some bright spark had this notion of packet switching, and it caught on. It's like this - once you deploy the packet switching network, the telco is no longer the arbiter of what applications are run on it. You are. You can run a mail server, I can run NNTP, and some maniac over there is writing something called a Web Browser.
The innovation that made the internet what we know today came from the fact that any idiot could develop a protocol, not just a telco engineer.
Now, cut forward. We have an internet, but we're kind of short of address space, so we use a lot of NATs to conserve them. What's going on here? Well, I can use a sensible TCP application, but that's about it. If I want to run some crazy app that needs Multicast, or an instant messenger, or something that just doesn't get on with the TCP congestion algorithm - well, not only do I need the permission of my network security team (which is good and proper) - but I need support from the NAT box.
The NAT box needs to support my protocol, which might not even exist yet. You want to talk about chicken and egg?
And innovation stops. There's a lot of talk of the end-to-end principle and handwaving and that, but that's the meaning - there's no more innovation.
NAT is not a security policy. It's a means to conserve addresses. It has an added feature that prevents you connecting directly inward to hosts on the network - but so does a stateful firewall. The point of compromise is exactly the same. It's rude to use global IP space behind a firewall like that in IPv4 land, but only for purposes of conservation. In IPv6, that doesn't apply.
I'm not claiming that IPv6 is going to solve all these ills - but NAT is a bigger hassle than you give it credit for. A prerequisite for solving this is having mnore address space. We'll tackle the rest in good time.
If you happen to have at one IPv4 address, you are automatically allocated a /48 subnet on IPv6 with 6to4. For free. Good luck trying to run out of addresses (for the non-initiated, a /48 contains 2^80 addresses).
This article is unnecessarily alarming, but then again, who would bother reading an article with this headline: "6bone users have to change addresses in three years"?.
Finally! A year of moderation! Ready for 2019?
Given that there are 2^128 (= 3.4*10^38) addresses available, how about a group unilaterally grabs around 10^30, a very small (negligible?) portion, for free distribution? Each person on earth gets allocated around 10^20 addresses for their personal use. Allocation could be done by setting up a web site and having a script that keeps track of enough details to uniquely identify a person and allocating them an address block. It will be up to each person to honour others' address allocations and keep to their own turf. Given that each person can easily get 10^20 addresses of their own, hopefully the incentive to invade other people's address space will be small. As new people are born, parents can divide their family pool among their children. 10^20 addresses should see even the most active couple out for quite a few generations.
IANA can have fun assigning the rest of the (10^38-10^30 = a big number) addresses.
If IANA don't like this, they can go and make a running jump. As long as enough people participate in the scheme (and the network is decentralised enough) it will work.
NOW is the time to do this! One does not need the network to be implemented to allocate addresses!. If by the time IPv6 hit the streets a few tens of millions of people have personal address spaces allocated, it will be difficult to demand that IANA be the sole issuing authority. If enough people have allocations, and someone tries to take them away, the ballot box might even come into play.
The above is just an idea.
These ones think it means a withdrawal of IPv6.
Far from it. The 6bone was established when nobody had IPv6 stacks really, nobody really used it. It was a playground to try it out. And we have been.
Now, Sun has IPv6, Cisco has it ready and waiting, the BSD's all have, Linux has it, AIX, HPUX, MacOS X. Hell even Windows has it. (I await MS's announcement of its invention soon).
IPv6 is here and ready and tested.
The notion of closing the 6bone (discussed for months on the 6bone lists), is that in 3 years you SHOULD be able to get IPv6. Not tunneled, no long hops.
Me? I call my cable modem people (dsl before I moved) and would get the second level tech support people and ask for IPv6 support. Try to get it on their radar. Wouldn't you love your cell phone to have an IP address? Hell, wouldn't you love a (firewalled) IPv6 aware electrical outlet? (x10 is getting old and lame).
So you have 3 years to convince your ISP that they should have IPv6.
This isn't the place to go into details, but it's designed and planned to run concurrently with IPv4. This isn't like the NCP/TCP change over where there was a huge redflag day for all 200 hosts on the Arpa net.
Everything in my house speaks IPv6 except a printer and a terminal server (you do all have terminal servers for those serial toys, yes?). Those will never be upgraded - too old. When I ssh, mail or browse, if they have a 6 address and I can reach it, it gets used. Otherwise it falls back to IPv4.
At work, if you have a subnet with all IPv6, you can turn off IPv4 and let your edge gateway it. But you may not be turning off all the IPv4 until that last printer dies. Do it subnet by subnet and leave IPv4, but just watch it not be used.
Bonuses?
No more need for NAT (I have 65 thousand INTERNETS of addresses here).
IPv6 stacks are looking faster than IPv4 (not based on a presumption of 16 bit PDP-11 processors).
So where the hell is www.slashdot.org?
nslookup -q=aaaa www.slashdot.org
Can't find www.slashdot.org: Non-existent host/domain
One of the big problems with IPv4 is that worms can trivially scan the complete address space. With IPv6 that is not practical. This means that worms would have to use other methods, such as guessing dns names and resolving them to IPv6 addresses. This would slow them down tremendously and cause them to fail to hit most of the vulnerable machines. In contrast, Code Red managed to get behind firewalls in many companies. To me it looks like the IPv6 scenario is safer to a naive user (the kind who thinks that NAT protects them), and any security policy that is applied to IPv4 can be applied equally well to IPv6.
Finally! A year of moderation! Ready for 2019?
A /32 net is a really big chunk that is intended for providers, not users. You should get a /48 from your provider without problems, which leaves you with 2^16 local subnets and 2^64 hosts per subnet.