Slashdot Mirror
U.S. DoD Commits To IPv6
babaloo writes "According to this
article the U.S. Defense Department wants to move it's entire network to IPv6 by the year 2008. Will this be what pushes at least U.S. based companies and providers to actually convert over?" It's definitely a shot in the arm that IPv6 needs. This seemed to be more of a priority back when NAT was much less prevalent, but it seems we'll eventually find ourselves on IPv6, even if we drag our feet there.
This seemed to be more of a priority back when NAT was much less prevalent
Since several states have already banned NAT, and several more are moving in that direction... perhapse IPv6 will be necessary much sooner than we think.
no comment
You know, call me weird or something, but I happen to like NAT and, well, pretty much fully understand IPv4.
:)
... learn it.
:)
Yeah -- I know how to use a Linux box as a decent router and setup Firewall's as needed, etc.
The fact that I'm not doing anything SERIOUSLY complex helps:
- Web servers (port 80 and 443)
- imaps (port 993)
- ssh2 (private port with honey-pots all over
- other misc needed ports and tunnels as well.
ONLY ports I specifically opened up and re-directed are available to the general Internet. Firewalls run internally as well, but many more services (lpr, smb, hell IPX is stilled used/preferred for accounting work)...
With IPv6 I'm probably going to go the route of:
1) Ok -- I *basically* understand it, but honestly haven't wrapped my brain around it
2) Try and get a few IPv6 addresses as needed
3) Update front end router to use it work with it.
4) Tunnel it back into my IPv4 network per port as needed. IPv6 NAT if you will...
I really don't want anything/everything directly connected to the Internet. At anytime. Except the Internet network router. These ISP's selling "Windows DSL modems" where it plugs directly into USB or the Ethernet is NUTS, IMHO.
Once in a blue moon I'll come across a Linux box that has ftp (for example) enabled and there really isn't the want/need for it. Oops, not Firewalled either... Glad it wasn't directly on the 'Net (!)
Even when the need _has_ arisen to put a box completely on the Internet directly it's been easy enough to setup a 1:1 map on the router... While the video feed was going on I personally would be nmap'ing the box to double check the firewall settings...
Of course the problem exists because, well, it is TOO easy to get on the Internet. Too many have no clue what they are doing, but they get email (!) Yeah. Those are the ones spreading virus' and not knowing it or have a hacked box spewing spam around the world. Some problems could also become moot with IPv6 in regards to security and accountability...
!fp
Ah, but if you're shipping networking gear, the telecom industry is broke, so the only major source of customers is the military. You're going to design to fit the requirements of the paying customers, and as keeping two designs going is more expensive, there will be more and more ipv6-capable gear sold to everyone if the military demands it.
People forget that as late as the early 80s, the US military bought 50% or more of all electronics purchased in the US.
You want to have vastly more addresses than can ever be used; this will kill scanning attacks by black hats and spammers who just try every network address looking for a victim. Anyone scanning thousands of bogus addresses for every real one will trigger all kinds of alarms.
If that's true than good, the Metric system takes everythign we know about number theory and throws it out the window in favor of something that only has one saving grace, it's easy to move up or down in scale.
An essay on the Metric system puts it much better than I could.
If Metric is so great why isn't time based on divisions of 10? or trigonometry? They're both 12 based which is a good thing.
Metric time is based on divisions of 10. And so is the metric calendar.
If tits were wings it'd be flying around.
It is definitely a good thing, but the US isn't going to shift to IPv6 just because one government department has decided to use it. It will happen by people getting involved with IPv6. Jump on the 6-bone today.
www.freenet6.net, it's free.
because much like a greater part of history, time and period of days etc have religious backgrounds/history to them. 7 is the number of God , 12 and 24 represent a priesthood if I'm not mistaken. The methods we use for time were developed long before the metric system was a twinkel in it's daddy's eye.
just me 0.02c
Yeah, you're right. No system should be needed because the editors, who are paid to do their jobs, should take all of ten minutes a day to read the headlines.
Sheesh, and they expect us to subscribe for this shitty service and shitty "customer is always stupid" attitude.
Check out the FAQ: "Why don't you do this simple thing to make the Slashdot experience better?" "I'm too busy." "Well, what about this one?" "Busy." "This?" "Busy."
What the fuck are the Slashdot editors so busy doing? They don't read their own site and they don't fix its problems.
IPv6 is picking up steam, another push like this is going to make it appear in all new computers a little bit sooner.
In every installation I've rolled out in the last few years, I've specced IPv6 support. Every network, router, interconnect, carrier and transit has had IPv6 working. Not always working very well, but enough that people didn't notice whether their traffic went over IPv6 or v4.
Solaris has had IPv6 for several years, and the current release its on by default, plug it into a network with an IPv6 router and it works. M$ is playing catch up by including it natively in XP, but it still takes some tweaking. The linux distros will have to start making it enabled by default (no more kernel recompiles), but that may be happening as I type this. More and more applications are being written as fully IPv6 aware, and most of the traditional apps like ping, FTP, traceroute and SSH are now re-written to use IPv6 when a AAAA record is returned from a DNS lookup. There still is a lot of work to be done, like fully working dynamic DNS updates, and DHCPng, route servers, and a free (as in everything) certificate system for IPSec. Every new release of every browser should check for IPv6 and use it whenever possible, M$ claims that will happen starting with their next desktop releases.
Where I've seen the most far-sighted development is in the newest generation of GSM mobile phones. All the big players are including IPv6 in their current handset designs, and the carriers are now developing value added services to sell. So its not just each phone is individually addressable, but can roam onto competing carriers networks and still have a globally accessible address. Internally, every carrier in Europe with 2.5G/3G services is running IPv6 for everything (except for a few dinosaurs about to be extinct). The other big area is giving each credit card with a smart chip (anti-fraud and verification chip) a range of IPv6 addresses. When the card is put into a reader or used for an online purchase, the chip will actively participate in the verification step by being uniquely addressable and requesting end-to-end encryption. There were several card manufacturers showing off their tiny IPv6 stacks at a recent smartcard trade show.
As I've pointed out in a post months ago, many ISPs here in Europe are making IPv6 available for early adopters, in the hopes of riding the next wave to some higher margins. I've had clients ask me for advice on getting onto the "new internet", because they didn't want to get left behind on the "old and obsolete internet". Then I point out how they are already on it, and my installations use the "new internet" whenever possible.
IPv6 is here, it works, and soon consumers will make it a "must-have" item when buying a new computer. When that starts happening, then techies with a few years of solid IPv6 experience will be sought after for their skills.
the AC
working with IPng/IPv6 since 1994
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Oh wait. This essay about how metric sucks is really about how metric lacks names for things in convenient sizes. In the rulebooks.
But language allows us to use the old imperial names for our old convenient sizes. I know running around school buming change for a "pint" is much more convenient than saying "5683 milliliters".
Try doing anything complicated with the old measurements. You need to remember fairly complicated names and values for each measurement to do math with them.
Take a look at the tables on http://convert.french-property.co.uk/ who knew a cubic foot of water was 1728in3, which would weigh..... um. you get the picture.
1 milliliter of water weighs 1 gram. a liter weighs a kilogram. a cubic meter weighs a tonne. or 1000 kilograms. or 1,000,000 grams. easy.
We can go and buy pints at the store, and they sell bottles of 0.57l bottles. We call them pints, and that's just fine.
"It is simply not feasible that we will ever need anything more than IPv6."
baring an artificial scarcity. Like somebody buys 300 trillion trillion of them. You think thats unlikly, but if some company offered everybody on te board of "whoever will hand these out" 10 million dollars, do you honestly think they would run into a problem getting them?
Hell, if I had the money to do so, I would the resale on these would be huge.
The Kruger Dunning explains most post on
It isn't actually that every computer has one IP address - it's really that every _network_interface_ has one IP address, but if you've only got one network card that's close enough to the same thing. The IP address has two parts, a network part for the network you're connected to and a host part for your machine itself. On the current IPv4 the address is 32 bits, which was plenty back in 1980 but is looking a bit tight now, while the newer IPv6 stuff that almost nobody uses yet has 128 bits, which really _is_ enough for everybody. The actual storage it takes up isn't very big - the 8 bytes of IP address is a lot smaller than the 4KB of email message you were sending or the 64KB JPG or 4MB MP3 you're downloading.
So your computer knows its IP address, and the space of IP addresses for the local network it's on, and usually the IP address of a router or other host that's smart enough to figure out how to route packets to the rest of the world. There's a protocol called DHCP (Dynamic Host Configuration Protocol) that lets machines that don't know their IP addresses broadcast a request for somebody to tell them who and where they are. There are simple routing protocols like ARP for finding the ethernet addresses of other machines on your LAN, so your machine can talk to the local machines, and a wide range of routing protocols for finding how to get packets to the rest of the world and how to tell the rest of the world that you're there. Usually, though certainly not always, an end-user computer or a server machine isn't running the routing protocols itself - it usually has the address of a router, and sends any traffic that's not for local machines out over to the router to take care of.
A router might or might not have to run routing protocols. In a typical home or small business, there's just one LAN connection and one WAN connection, and any traffic that's not local gets sent out the WAN connection to the ISP. But if you've got more than one connection (e.g. if you're an ISP), then you need to know about the topology of the outside world. Usually this is done with BGP, and what really matters isn't so much how big the addresses are that a router keeping track of, but how many ranges of addresses it's keeping track of, e.g. how many ISPs or big businesses it knows how to get to, and how many outgoing connections it has to get there on.
IPv6 was supposed to do lots more than give us bigger addresses and make IPSEC-like security standard. One of the things it was supposed to do was provide better ways to aggregate information about networks and connectivity to make routing protocols easier to use. I'm not convinced that it really succeeded.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Second, that essay sucks. For instance, a pint is not 250ml, but 568ml. The reason people order pints of beer instead of 568ml (or even a half-litre) is mostly historical, but it's also because it's handy to have a nice short name for a measure you use often. If they had used metric for beer all along, then people would have needed a short nickname for a half-litre, and perhaps they would have called it a pint. It's the same way we call kilometres "clicks", and it has nothing to do with base 10, or fractions, or "number theory" as you say.
This guy goes on to say:
No, we are most certainly not back where we started from. If you like to give a name to 3/7 of a metre, that's your business, but I like the fact that I can do mental math in metric, and convert units just by sliding the decimal point.
For example, if I'm travelling at 31km/h, what is that in metres per second? It turns out the hardest part of that calculation is converting hours into seconds, which involves dividing by 3.6. As far as mental arithmetic goes, it doesn't get much harder than that. There's your precious number threory for you. And it only gets worse if you try to turn 31mph into feet per second.
In contrast, if my car uses 7.3 litres of fuel per 100km, what is that in millilitres per km? It's 73. It's so simple you can do it in your head, and get your answer with as much precision as you want, so long as you are capable of sliding the decimal point properly for each unit conversion.
Later, we find this demented little nugget:
The problem here, if you'll take a moment to think about it, is that the authors of these cookbooks are not using the metric system. If they were, the problem would disappear. (In fact, if they would use any consistent system, the problem would disappear.)
How the author manages to blame this on the metric system is beyond my comprehension.
The best part comes next. I think my whole attitude on this "essay" can be focused on this one small quote:
You don't need to read anything else in this essay---even the rest of this paragraph, where he goes on to say that people buy wood in 120cm lengths---because it's all here. Nobody cares if you can't divide a metre into 3, just like nobody cares if you can'
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....