MIT Technology Review Slams IPv6
PCM2 writes "In the MIT Technology Review, Simson Garfinkel, noted author of Internet security books, writes that "the next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure." His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 encourages 'peer-to-peer based copyright violation systems'; and of course, that the switch is never going to happen anyway (and yet, somehow, the United States is 'falling behind')."
...by David Weekly can be found here.
Good summary of CIDR and NATing adoption, too.
The Army reading list
Is this article technical or is it political? It sounds as if it might be better suited for the opinion pages.
MIT is one of the great hogs of current IP addresses, maybe if issues like this were addressed no new system would be necessary.
vampirical
Well sure the ipv6 code isn't as tested as ipv4 and might be insecure at first... But did that stop the internet from being built on ipv4? It's a stupid argument against upgrading to a new technology.
Cthulhu Saves.
How many people read that name at first as "Simon Garfunkel"?
Think of all the pr0n sites! Now instead of millions of sites full of crap, we get TRILLIONS of sites full of crap! Yippeee!!!!
Dude. Dude. Dude. Dude. DUDE!!!! Duuuudde. Yeah, I guess you have a point there. (Baseketball)
IPv6 is native in Windows XP as a module.
It's just not active in...........anything else. No routers have it. No providers have it.
I dunno what the problem is, but if MS can beat it to market, there's something wrong.
Sure, they're not exactly the most honourable or squeaky clean businesses on the planet, but they sure as hell are the most popular.
0110100100100000011000010110110100100000011000100
All this talk of IPv6 has got me thinking about its possible effect on existing internet tools like ssh, ftp, telnet and apt-get. Will their normal functioning be affected at all by the increased address space and QoS provisions in the protocol? Or are these changes totally transparent to pre-existing apps, which will only need to be re-written to take advantage of the extended functionality? Will I need to update my apt.sources file?
security and functionality over speed. Speed will catch up, eventually. doing NAT everywhere sucks. If speed is the biggest con, then, well, there is no con.
Simon Garfunkle. What is it all about... is it good, or is it whack?
Yes, you are the only one who read it that way.
Those of us with at least some technical literacy know who Simson Garfinkel is.
His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 encourages 'peer-to-peer based copyright violation systems'
First off, even if IPv6 is untested, it doesn't mean that it is insecure. It has been in development for a long time and I'm sure that all foreseeable security holes have been patched. Secondly, IPv6 will not encourage P2P copyright violation. It will simply make more servers available and relieve countries in need of more IP addresses; especially in Asia!
and of course, that the switch is never going to happen anyway
Oh, whatever. Tell that to people when we are finally no longer able to effectively manage the IP addresses that we've run out of.
The coolest voice ever.
The result of this decision made nearly 30 years ago is that the Internet simply cannot handle more than 2^32 or 4,294,967,296 devices.
I thought we were running out of /20 assignment blocks, not addresses.
Of course if you increase the number of assignment blocks, routers will need more memory and we're back to the same reason no one will route a /28 anymore except the IPv6 approach ends up using 4x the memory for each address.
Hey MIT - do you really need/use all 16.7 million IPv4 routable addresses you have? Why not share a few?
Don't blame me, I voted for Kodos
IPv6. What is it all about . . . is it good or is it whack?
PCM2 and Timothy, fucking attention whores.
The article says nothing of the kind of crap suggested by the submitter.
The quote doesn't even appear in the article.
Fuck you PCM2 and Timothy.
Interesting... The author slates NAT for being an easy security option, causing firewalling problems and not letting each device have its own IP. Then he seems to fail to mention that letting each device have its own IP opens up a whole host of possible attacks. Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT?
1) Install the Longhorn pre-beta, build 4096 ...by default(!)
2) Start > Run > cmd
3) type ipconfig
4) notice that it tries to get IPv6 address
I have an ipv6 tunnel set up cuz I'm a geek but I still can't figure out what to do with it?? Help!
Sig: BEEeeeP,,Please press pound, so I can get on with my fucking life!
Damn, with only 3 routers at the medium-sized business I work for, this is going to cost us $187,500 !!!
No IPV6 for us
Walker sees NAT as encroaching oppression by the "powers that be", whereas Garfinkel seems to take the "powers that be" point of view! Simson how you've changed!
In fact, Walker is skeptical that even IPv6 could promote "consumers" back to "peers":
One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.
I think that admins will find themselves not bothering with IPv4 for individual things at their site when they find themselves out of IPv4 addresses for less-critical things.
For example, pretend it's 2008 and IPv6 is commonplace. You have an IPv4 /28 from your provider. You also have an IPv6 /48. The /28 has been fully allocated since 2006. Your www.yourcompany.com server will have an ordinary A record pointing IPv4 users at it for a long time yet, but what's your plan to let people on the outside get to your [insert-not-entirely-mission-critical-thingy-here] server (that happens to work with IPv6)?
It's an even easier decision if you, as a home user, get a single static IPv4 address for your DSL line as well as an IPv6 /48.
"It will be the biggest, the most drastic, and the most comprehensive change to the underlying structure of the Internet in more than 20 years. "
I'd love that thought applied to space.. It's so confusing, and hard to do, we should tuck our tail between our legs and run! This change will happen one router at a time.. correct me if I'm wrong.. but I do believe IPv4 addresses will coexist with IPv6. And let's face it.. for the most part, this will be done by highly experienced techs at the ISPs, and filter down to very experienced end users at business. Dialup and High Speed users could use IPv4 for ages sitting behind their ISP's big gateways.
"The deployment of IPv6--the sixth version of the Internet Protocol--will be a massive undertaking that will require the reconfiguration of more than 100 million computers."
It's not like this will happen overnight.. and one day all the end users (hi mom) will have to become IPv6 Gurus. Once again, we're back to.. It's hard.. let's run away.
"But when the IPv6 rollout is finally done, not all the effects will be positive"
Argh.. this guy bugs me.. He seems to totally forget about the evolution of software.. Of course it'll be slow at the beginning.. then some company like Nortel will put it all into a hightech ASIC chip.. and we'll leave IPv4 in the dust. For each of his arguments.. there's a swell counter argument, that's never far from reach.
Faz
-=-Ze End-=-
Quote: "Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever."
I bet they said that when IPv4 was invented.
This sig is in Spanish when you're not looking....
"Japan, China and South Korea will jointly develop the next-generation Internet technology IPv6, aiming to have the global standard for the technology set in Asia, the Nihon Keizai Shimbun reported yesterday.
US firms now dominate the market for equipment like routers that serve as the infrastructure for the current IPv4-based Internet.
By working together, the three countries aim to take the lead in developing technologies for a world in which all equipment is connected to the Internet"
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
But if IPV6 is 'untested', as he says, how can he be so sure it won't float?
Let it be tested and then we'll know.
Everyone here agrees with you, but you'll have to write more than one line to get your Score 5 Insightful.
Like the subject says.
There is absolutely no security requirement! Security is supposed to be applied in other layers, with SSL and stuff running on top of an assumed unsecure link.
It would be *nice* if there was better encryption support at low levels, to overall prevent information leaking, but even total lack of such features would mean no step back from IPv4.
Simson's right in denying IPv6's short-term inevitability, but he's still being too easy on it! IPv6 is just plain dumb. He should say it.
IPv6 creates much larger headers, so there's more overhead, particularly, as a percentage, on short packets (voice, ACK's, etc.). So it'll waste bandwidth, or lower effective throughput on fixed bandwidths. We need this? It is not even using its 128 bits efficiently. The general approach is to use the top half to identify the network and the bottom half to include the 48-bit MAC address of the computer. That was a clever hack in 1985 when proposed for DECnet Phase V (which never caught on) and became an approach in OSI CLNP. But that was not for a public spammer-ridden insecure Internet. Now it is a security and privacy hole to do that. It also means the 128 bits are not used efficiently -- we are tight with 32 bits, but an address for every atom?
IPv6 also does nothing for QoS (ignore the hype, which is based on a misunderstanding) and nothing for security (IPsec works just fine with v4). It just wastes bandwidth. So it does something for, oh, MCI. No wonder Vint (the Chauncey Gardner of the Internet) likes it! And Sprint, AT&T and VeriZontal. Great.
IPv4 could use a decent replacement some day, but IPv6 is everything you don't like about v4, and more. Eccch. A dozen years since it was "adopted" and it's gone nowhere, for good reason. The Asians weren't so involved with IETF at the time, to know the messy politics behind it. And btw the whole thing about their not having addresses is false; there is plenty of space left in the IPv4 space waiting to be allocated where needed. China can have more, as they provide more and more spam relays for the h3rb@1-v14gr4 crowd.
There are so many IPv6 addresses that humanity will never run out of them--never, ever.
The researchers that made IPv4 probably said the same thing.
Typical American Ethno-Centric viewpoint.
We'll *HAVE* to move to IPv6 when the third world finally gets connected! China 1+ billion people.. India 1+ billion people.. it starts to add up!
Americans.. a whole world exists outside of your borders you know.
-=-Ze End-=-
nobody will ever need more than 640 IP addresses.
Garfinkel says IPv6 has problems, but "NAT is really the devil".
"the apparent security that NAT provides is a mirage"
He says "NAT's one-way fence makes it harder for...Kazaa, but it's also a problem for Internet telephony and the next generation of multimedia groupware applications."
He concludes that sadly, IPv6 will be a long time coming.
Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever.
HAHAHAHA! Thank god for IPv16. We have enough IPs to assign 16 billion IPs to every cubic picometer of the planet. humanity will never run out of them--never, ever.
you sir, have a huge pair of brass balls between your legs.
i salute you.
Actually, many backbones have switched to IPv6 because ROUTING is FASTER on IPv6 than IPv4.
On this simple fact I assume that the author of this article just doesn't know what he is talking about. As for security and as for NAT (which is less secure than he even thinks it is, as a protection).
IPv4 has seen many, many security issues in the *recent* past btw (ISN Prediction anyone ? Spoof with any ip)
He also forgot that there are tunnels from ipv4 to ipv6 and from ipv6 to ipv4, effectively adding compatibility. If someone is stuck with ipv4 somewhere on the globe, np, he sets up a tunnel to ipv6 and none is stuck. Damn FUD, I say.
refs:
IPv6 FAQ
Routing
(IPv6 has less headers => faster routing)
(Better QoS => more efficient network)
(etc.)
fuck you troll
I'm not really sure where to look for the answer to this, but I'll give it a shot. To me, it seems like a lot of migration worries stem from the fact that the IPv4 and IPv6 address spaces are different. Wouldn't having a system where a subblock of 4billion ipv6 addresses mapped directly to the same 4billion ipv4 addresses help people migrate toward IPv6? That way, in the transitional period between v4 and v6, if I try to connect to a ipv6 address that maps to an ipv4 address, a smart networking stack would be able to retry the connection using v4 if the v6 address doesn't respond.
I hope that kinda makes sence(sp?)
-Bucky
Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
I have no strong opinions on the technical merits of IPv6 but I want to address the above statement, and the (IMHO) wrongheaded mentality behind it.
Why should the fact that these monopolistic groups oppose new, useful technologies, lead anyone to the conclusion that those technologies should be abandoned? Shouldn't we rather abolish the MPAA and RIAA?
When the light bulb was invented, did anyone argue we should abandon it because the candlestick industry would oppose it?
The truth is that new digital technologies are making "content" businesses like those represented by the *AA's obsolete. There is no benefit to society to engage in costly, counterproductive and futile "wars" against P2P and other useful new technologies in the name of enforcing "intellectual property" laws created in a different era that now benefit only special interests and not the public interest.
Ummm... MOST Windows users? Virtually EVERYONE? Look at the figures, dude. That's exactly what people do -- even some businesses do it.
The technical mistake was my believing Trojan that night in your mommy's bedroom.
I don't know about linux or the unixes, though.
It's not a matter of ability, but of adoption (no-one's using it, though most os's support it)
You might try reading the fucking article, then you would know whether it is technical or political.
Asshole.
"Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT? "
MIT gives all machines a public IP address. When my company was working with them, it took a while for our people to even believe it. I remember trying to explain to the programmers that this is actually how the internet was designed to work.
It's odd hearing people complain that without NAT, machines are insecure. While you get stateful firewalling for free with NAT, stateful firewalling without NAT is even simpler, so dumping NAT isn't exactly a security risk.
Maybe MIT feels guilty for hogging a whole fscking class A, so they do their damnedest to use as much of it as possible.
Assembly is the reverse of disassembly.
... Didn't he sing "Bridge over Troubled Water"?
Yet another example of how America is sticking its head in the sand, and opening the way for serious countries to become the new world powers.
I don't understand the point you are trying to make.
We are running out of IP addresses. So we are going to switch to a new standard to get more.
How does that translate to ethnocentrism?
Is this guy high!?! He's claiming that the (MP|RI)AA will be against IPV6 because it allows more people to share their content via P2P just because people won't have to be NATd anymore?
HELLO! That's like blaming the car manufacturer because some guy was talking on the phone and slammed into a bus load of 1st graders. The car had nothing to do with it, it was the jackass on his cell phone!
It's the same analogy that's been used with P2P now. Just because some people trade illegal content on Kazaa doesn't make Kazaa as a whole illegal. I think this guy needs to get his facts straight.
Simson Garfinkel is an incurable gadgeteer, an entrepreneur, and the author of 12 books on information technology and its impact
Translation: he's old and new technology scares him. He writes books about technology because he doesn't actually understand it. Describing P2P networks as being "for teenyboppers" is quite insane, he must have never tried to download anything large recently (especially given the maturity of solutions like BitTorrent for free software / content distribution - even NASA used it to release their Magellan rover software to the public). This guy should retire and stop his "THE SKY IS FALLING" shriek of panic. Suggested activity: gardening.
He also has absolutely no suggested *solutions* to the problems that he pretends exist. It's not as if IP6 is going to be any less traceable than IP4, nor will it magically create problems that didn't already exist. People are still going to want to firewall off networks under IP6 - in the same way that IP4 can be firewalled off - but this will be done without NAT.
Just because a protocol is "new" doesn't automatically mean that it's a danger. I have to wonder if this guy has never bought any new software in case the CD is so new that it's infected with the Ebola virus. Which makes no sense. Yes, corporations typically hold off adopting new products till version 1.1 or 2.0, but there's no point condemning the early adopters to insecurity hell before IP6 has been rolled out to the public.
Next he'll be complaining about kids and their music... why in his day there, etc, blah, blah.
Everyone seems to be switching from Linux 2.4.x to 2.6.x
Now we're going from IPv4 to IPv6
What the fuck do you people have against the number 5?
--I don't want the world, I just want your half.
But still a bit harsh on IPv6....
As to the notion of never running out of address space 'never, never' as he puts it, I wouldn't be so sure. The 32-bit address space provides 4.2 billion addresses. With that in mind, we are much nearer to exhaustion than current usage would dictate. It is all about the allocation, and if sloppy allocation occurs, the 128-bit address space of IPv6 could be exhausted too. For example, the architecture of current implementations makes it so that the smallest subnet anyone will likely allocate are 64-bit networks, and use MAC addresses (or something else, but still 64-bit, because it's easy), so immediately you take the address space down tremendously. Still should be well more than enough for everyone on earth to have a /64 network, but it has yet to be seen whether certain organizations might, for the hell of it, get allocated /8 networks because they can. As near as I can tell, the high 16 bits seem to be somewhat protected, but you never know what will happen. If there is a grab for /8 networks among big players, you have the same problems that IPv4 has today.
As to security implications, it is true that implementations will be for the short term future less tested and therefore likely to contain critical flaws, but still IPv6 code is receiving a fair amount of testing, and critical flaws will not be quite so devastating as you may think, no more than an Apache, Linux Kernel, or MS security exposure, which we have seen all of in fairly recent history without the sky falling.... Of course the wrinkle in this is a lot of the 'home router' concepts that happen to protect common home systems will cease to provide that protection. They provide NAT features, therefore masking to an extent the system behind the device. Despite what the author says about NAT being bad because it doesn't protect against things like browser exploits and physical intruders, NAT is on the level of firewalling in terms of protection. Any reasonable network security person will realize that browser exploits, email worms, and physical intrusion must always be kept in mind, and it has nothing to do with NAT or firewalling. NAT remains effective at, for example, fending off web server and rpc attacks from unsuspecting or experimenting workstations. If NAT goes away (hopefully), people need to be mindful of good old firewalling strategies. Implementations are maturing (experimental ip6tables implementation, for example, is approaching closely the ipv4 iptables featureset). If cable/dsl 'routers' revert to hubs in a wealth of addressing, I expect either cable/dsl 'firewall' devices or increased ISP vigilance to deal with the more widespread system exposure.
All that said, I like IPv6 (my desktop, gateway, and laptops are using IPv6 and each have public IPv6 addresses, keep NAT on IPv4 on some systems), but I (and everyone else) have been waiting and watching a long long time and no encouraging migrations are yet to be seen, and I doubt the near future will bring any incentive to push such a change.
XML is like violence. If it doesn't solve the problem, use more.
Ok yeah, oblig.
But, the article starts off that way, but turns more into criticism of the way America adopts standards.
It will be adopted in the US, wheels are already rolling.
hmm.. even when we go extrasolar as a species?
every day http://en.wikipedia.org/wiki/Special:Random
People can write XHTML code, but until web authors start to tell their web servers that they are sending XHTML then the UA will just get tag soup.
The moral is: Using a technology is worthless unless you implement it correctly. ... That and most people are still better off with HTML 4.01 Strict anyways.
This whole thing is moot with regards to Internet Explorer since they still haven't gotten around to supporting the line in XHTML documents yet, nor do they support the various xhtml mime-types.
Simon has not read the IPv6 documentation, existing applications can continue to use IPv4. IPv6 supports simultaneous IPv4 and IPv6 as well as IPv4 subnets. Running both protocols is one solution, but it is just intended to provide high confidence during the initial roll out; embedded IPv4 is also supported. Simon needs to understand bit-masks which are the reason IP works in the first place and why it is simple to embed IPv4 in IPv6 and also why it won't slow things noticeably to go from 32 to 128 bits. Routers and DNS will have to be updated but that is manageable, particularly as you can have large IPv4 subnets. Even AOL could simply ignore IPv6. As an MIT grad I'm embarrassed this could get into Tech Review. Doesn't anyone understand IP? It's not that hard.
Ever wonder why only Americans complain about IPv4?
Isn't it funny how Asian nations, which you ignorantly claim have so many IPv4 addresses available, are the principal backers of IPv6 right now?
Don't feel bad -- most people are incapable of believing in any problem that doesn't affect them personally.
"Everyone"? No -- speak for yourself. SOME of us understand the appeal of being able to capitalize financially upon one's research.
There are so many factual errors in his description of both new system as well as ways that changes will affect us..
Hint what major firms already use this new system? Gee can we say most telecoms using internet to switch voice traffic..say oh lets see AT&T, verizon, and etc.. now if they did not have to change their browsers and computer software OSes but just routers then it stands to reason that this author doesn't have any facts of the matter straight..
If you want the real facts ask a telecom engineer not this author..
Don't Tread on OpenSource
For what? The fortitude he has shown by posting flamebait to an anonymous web site? Get some new heroes, junior.
This is not to say that there are not problems with IPv6. While IPv6 fixes many problems in IPv4, the developed world will not embrace IPv6 until many shortcomings in the protocol are addressed. As a Brown University grad student, the subject of IPv6 is what my dissertation is upon. Allow me to include a few "talking-points" on what I've learned.
I disagree that IPv6 is all about file trading and insecurity. Having said that, the above points have to be addressed by the IPv6 community before it will be deployed outside of research networks, and what better place is there than slashdot to address these points?
C - A language that combines the speed of assembly with the ease of use of assembly.
First of all, don't take it as a given that we will go extrasolar ever. It's also quite possible that we will be (largely) killed by an asteroid or nuke ourselves into oblivion.
Second, unless the universe is an awful lot bigger than physicists think, the prospects of having more than 2^128 devices seem pretty dim. Heck, there's probably not enough energy in our galaxy to make that many devices, so...
I hereby place the above post in the public domain.
The author should probably reread "Lisp: Good News, Bad News, and How to Win Big" IPv6 is probably not an engineer's wet dream, but I think it's probably the future. In the 80's Symbolics made these wonderful highly configurable workstations that used LISP as the assembler. Unfortunately, they cost about ten times as much as the new "Personal Computers" and needed highly trained, highly paid programmers. How many /.ers are reading this on a Lisp Machine?
This seems like such an American view here, "We own 3 billion of the 4 billion addresses, we won't ever run out so why should we care about the rest of the world..."
You mean, "With a quick look at their staff, you will see where their priorities lie." (Unless, of course, you were referring to where the magazine's priorities used to lie in the past.)
Anyone know what the adoption rate of IPv6 is for the major broadband ISPs? TimeWarner/Comcast, etc?
What with Win95 being EOL'd, a fair number of them will be upgrading to Windows XP (or Linux, OK?) with its built-in support. Maybe the best approach would be from the bottom up?
Chip H.
Well, you know what? You don't move to IPv6! You add IPv6. You can still keep your IPv4 connection. Then you can start adding IPv6 support to each protocol and application, one at a time. You can and will still be fully IPv4 compatible. You'll just allow yourself to use IPv6-only services and make it possible for you to set up new IPv6-only services even though you've run out of IPv4 addresses.
I'm not sure at all.
The IPv4 addresses are inefficiently distributed. MIT for instance has 16.7 millions of them. IBM too.
Entire classes of addresses are reserved for things we don't REALLY use like multicast and so on.
Plus we now have NAT and CIDR that help save some addresses.
I bet we could use IPv4 for 20 more years. IPv6 is too complex, bulky and inefficient.
I studied it and the fact that MAC addresses are in it blows me away.
Aren't the IP addresses a logical layer that prevents problems when you change a NIC ? If each time you change your NIC you have to change your address I foresee lots of trouble here.
And 128 bits addresses, okay, but entire classes are already wasted (multicast, network IDs, etc) and in the long term we could run into the same problems !
Anyway its too expensive and slow for the moment. Nobody wants to pay 1 million dollars for the last Cisco router with IPv6 where the one we bought last year for another million is working just fine.
Why not just add an extension to IPv4 if we really need these addresses ? I know it has a lot of flaws but hey, why change EVERYTHING ?
Iraq: war to save the U
Is this like: "I think there is a world market for maybe five computers."?
What *if* molecular nanotechnology takes off? Humanity then decides to build a large space based object, which will be built by a massive number of 'replicators', each working within a 100nm per side cube. (Raw material will come from a passing asteroid.) It is decided that each replicator is to be individually addressable. The number of IP addresses required is then (<linear size>^3)/((100nm)^3). 2^128 addresses will be required to build a 700km cube.
Sure this is far fetched, and there are lots of other technologies which need to be invented before something like this can happen, but lots of today's things were far fetched in recent history.
"Five is RIGHT OUT!"
1. "Twelve Days of Christmas:" you get 6 "geese a laying" & 4 "calling birds," but 5 expensive "gold rings." You can shoot the birds. ;)
2. 5 is not an even number: it makes slow people stop thinking when they try to divide it.
3. A family of 5 usually means 2 parents & 3 children: nobody wants to be the middle child.
Life is irony, and nothing ever goes as planned.
There has been a natural fear among engineers that using the number 5 could result in a technology becoming self aware and ruining it for everyone.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Right now.
As far as IPv6 security goes, I'd like to see the new and interesting worms and network scanning utilities that can scan such a huge number of addresses, 4 billion addresses wasn't a difficult feat for programs that simply scanned incremented octets in IPv4, but now we have a lot more address space to slow such things down... this could just as easily be a problem though, imagine blacklisting a network from a spammer... oh darn, looks like they just need to find another billion addresses to randomly use.
Yet another example of how unclosed italics tags stick a post's head in the sand, and opening the way for serious problems in readability to become show-stoppers for world powers.
the U.S. Department of Commerce recently set up a task force to look at the issue, since it's widely believed that IPv6 will be more secure than IPv4 thanks to its use of IP-level encryption.
More secure?
Does this mean everyone who promotes IPv6 would be considered a terrorist?
Excellent rant! I have been a subscriber to MIT TR for several years, and in the last year I have considered dumping it for this very reason. The magazine used to be great, but it has degenerated into ad after ad after ad, ad nauseam, with fluffy pseudo-technical reporting.
...
There are smart people at MIT, no doubt. But the University suffers from over-marketing sometimes. I wish Caltech would publish a magazine.
And don't get me started on that new MIT CS building
IPv6 sucks. Not because it doesn't work, but because it is designed to do too much.
...but too bad. Now we have a Godzilla of a protocol being speced by people in the marketing department.
The substantial increase in overhead in every packet increases traffic without increasing data being transferred.
The substantial increase in overhead at the router level to deal with all the added "functionality".
But let us discuss the rationale for doing it at all: The increase in available space is nice all by itself, and could be accomplished, again, all by itself, by simply increasing the number of octets in the address.
Rather than a "dotted quad", how about a "dotted sextet"? 65.188.192.168.4.4
That is in fact what I thought "v6" meant when I first heard about it. A simple and direct improvement in the one place where it could serve to be improved.
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
IIRC, MIT has a class B IP range, meaning it has 255^3, or 16,581,375 IP addresses. while China and South Korea--with a combined population of more than 1.3 billion--have been allocated 38.5 million and 23.6 million respectively. Does that sound unfair to anyone? MIT having 6139 students, plus faculty and staff, compared to China having over 1 billion people. China as a whole barely has over twice what MIT has in IP allocation, while having 160,000 times more people. I believe this is a biased, pointless article, written by a moron who does not realize the enormity of what he's saying. Many Asian countries are literally running out of IP addresses, and he's complaining about "lack of security", and thinks that no routers support IPv6 (Pretty much ALL Cisco routers support IPv6 flawlessly.) This man does not know what he's talking about.
got sig?
...and you've still yet to touch a woman.
gg.
Every planetary system gets one IPV6 address. Problem solved!
There's so much wrong with Garfinkel's "review" of IPv6 that I won't be reading his security books. Meanwhile, at the SpeakFreely RIP (repost) thread, the NAT bashers get poked pretty hard.
--
make install -not war
Well that's a bit hypocritical of him. Not too long ago his site was compromised by goatse.cx-wielding hackers due to some insecure code in his 'last 10 google searches' section.
So he can shut the fuck up about insecure code, the asshole.
In order for the general internet to function primarily off of IPv6 (and actually see the benefits), there are several things that would have to happen:
1. Most major firewall vendors would have to support it;
2. Load balancing vendors would have to support it;
3. Cache vendors would have to support it;
4. Home-based router vendors would have to support it;
5. IT administrators would have to understand it (they barely understand IPv4, forget about IPv6);
6. Major co-location facilities would have to offer IPv6 support on the network connectivity; and
7. The majority of hardware and software running on network devices would have to be versions that support it (which isn't the same as that the vendors support it).
Fact: Most vendors of firewall products have only recently announced support in their flagship products for IPv6 functionality. Only when the majority of users actually use versions that support IPv6 will there be critical mass.
Fact: most load balancing systems don't support IPv6.
Fact: Most routing products sold today for edge use don't support IPv6, and will probably never support it.
Fact: Consumer and even general business ISPs don't provide IPv6 support for connectivity.
IPv6 is akin to multicast Internet access: It is available in a few places, some networks can and do use it, some network hardware vendors support it, but as a mainstream technology that people everyday encounter, it will never be widespread (or won't happen in a LONG time). Predictions of it happening in this decade are way too optimistic, and if it does, then it could easily trigger a buying spree for network hardware that supports it of the like we have never seen, and network equipment stocks will probably explode through the roof. I don't feel this will happen though.
I have IPv6 from my ISP. It's enabled by default for every one of their clients, and has been for more than 2 years. Most of the other small providers in Europe are now offering it standard, and I have talked with one large telco who will be trialing it this year, for a rollout before a big marketing push in September.
/48 block of IPv6 at home. All my machines speak it, Solaris, Mac, Windoze, BSD, cisco, Nokia, Ericsson. My firewall filters both IPv4 and IPv6 with no problem, the rulesets are quite similar. With autodiscovery, router advertisements, and all the other cool protocols built into the IPv6 specs, adding a new machine means it just works.
But as the whingey Garfinkel points out, the U.S. is very much behind the curve in IPv6 rollouts. Typical corporate American incompetence.
As for routers, all real routers have it. It takes more effort today to get a cisco router without IPv6, because all the machines being delivered recently come with a version of IOS which has IPv6 installed. Just waiting for a Cisco Certified Button Pusher to configure it correctly, and bob's your uncle.
I have my own
While typing this response, I ran some statistics on web servers I manage. Approximately 5% of the traffic was IPv6 during the month of December, up from about 2% last June. That means that 5% of the PCs out there have IPv6 enabled, connected to an ISP offering IPv6, and are using an IPv6 capable browser like mozilla or IE6.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
IANARIAAR.
threat IPv6 is to their police actions
The RIAA would like to make it clear that it never pretended to be the police. Any misunderstanding is the fault of MIT or the author. They will be dealt with accordingly.
You can't judge a book by the way it wears its hair.
I went through the entire current posted responses, and I'm surprised people missed mistakes that - in the words of my girlfriend - must mean that the author was simply having a bad day and couldn't be writing this as a serious article.
The most important thing that IPv6 does is quadruple the size of the Internet address field from 32 bits to 128 bits.
Quadruple? 2^32 * 2 != 2^128. In fact, there is a very distinct difference. I would hope a writer for the M.I.T. Tech Review would know the difference.
One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.
This is so horribly backwards, he must be joking. One of the points of IPv6 is that IPv4 can be routed within and through it. (vice versa too, but let's assume we're talking about an all v6 net) The real worry would be when someone created a v6 only site that some v4 person wouldn't be able to address.
Ugh. I think IPv6 upgrade path will be similar to analog and digital cell phones. They're still able to route to each other, and the improved features and quality of connections have caused people to leave older analog phones. The older phones still have better coverage; but, the newer phones are still able to switch to analog mode if necessary.
Problems with a v6 peer not being accessible to a v4 peer aren't too worrying to me. The same technologies enabling Akamai and NAT will almost certainly solve that.
One obvious solution is an automated DNS -> TCP/IP forwarding service:
Amy is cute.
> that IPv6 makes encourages 'peer-to-peer based copyright violation systems';
TCP/IP is, in fact, a peer-to-peer protocol.
What he calls "peer-to-peer based copyright violation systems" are simply applications that make use of the natural, built-in peer-to-peer capability that TCP/IP provides.
P2P is not based on the Internet -- rather, it's the other way around -- the Internet is based on P2P.
If you want to solve the "problem" of P2P, your only effective "solution" is to unplug the entire Internet.
Let's take my network. I use 192.168.0.xxx and 192.168.1.xxx. The class b 0 subnet is for servers, 1 for random machines. Makes my firewall rules a little cleaner to read (nothing routes to .1).
So I decide to use VPN software to connect to my office, which uses vpn software too. Now how do I connect to any of the machines on the 192.168 blocks on either side?
Worse yet, what if I want to add a second vpn? IPv6 solves this by giving everything an ip.
So what of the NAT provides network security issue? Simple. Accept all traffic on one nic for an ip address, and bridge it out on the other nic. Between the two nics, your CPU comes into play, where a process (the kernel, ipfw, ipf, pf.. something) takes in the traffic of one and limits output to the second.
So tell me.. where's the security problem?
-
ping -f 255.255.255.255 # if only
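The point made in the comment above, that the protection usually credited to NAT comes from a stateful filter sitting between the two NICs, can be shown with a small model. This is an added example, not part of the thread and not the code of ipfw, ipf or pf; the class name, the rule shape and the 2001:db8::/32 documentation addresses are assumptions made for illustration.

```python
"""Toy stateful filter for a routed (non-NAT) IPv6 LAN; constructed model."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulFilter:
    """Default-deny inbound, keep-state outbound, for a routed LAN prefix."""

    def __init__(self, lan_prefix, published=()):
        self.lan = ipaddress.ip_network(lan_prefix)
        # Services the administrator deliberately exposes: (address, port, proto)
        self.published = {
            (ipaddress.ip_address(addr), port, proto)
            for addr, port, proto in published
        }
        self.state = set()  # reverse flows that replies are allowed to match

    def check(self, pkt, in_iface):
        """Return 'pass' or 'block' for a packet arriving on 'lan' or 'wan'."""
        # Parse once so different spellings of one address compare equal.
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)

        if in_iface == "lan":
            if src not in self.lan:
                return "block"  # egress filtering: source is not ours
            # Remember the flow as it will look when the reply comes back.
            self.state.add((pkt.proto, dst, pkt.dport, src, pkt.sport))
            return "pass"

        if in_iface == "wan":
            if src in self.lan:
                return "block"  # anti-spoofing: inside source from outside
            if dst not in self.lan:
                return "block"  # not addressed to this site
            if (pkt.proto, src, pkt.sport, dst, pkt.dport) in self.state:
                return "pass"   # reply to a flow an inside host opened
            if (dst, pkt.dport, pkt.proto) in self.published:
                return "pass"   # explicitly published service
            return "block"      # everything else: default deny

        raise ValueError("in_iface must be 'lan' or 'wan'")


def demo():
    """Run constructed sample traffic through the filter; return verdicts."""
    fw = StatefulFilter(
        "2001:db8:0:1::/64",
        published=[("2001:db8:0:1::25", 25, "tcp")],
    )
    desktop, mail = "2001:db8:0:1::10", "2001:db8:0:1::25"
    remote = "2001:db8:ffff::80"
    traffic = [
        ("unsolicited inbound ssh", Packet(remote, 40000, desktop, 22), "wan"),
        ("outbound web request", Packet(desktop, 51000, remote, 443), "lan"),
        # Same desktop address written in its uncompressed form.
        ("reply to that request",
         Packet(remote, 443, "2001:DB8:0:1:0:0:0:10", 51000), "wan"),
        ("same remote, other port", Packet(remote, 443, desktop, 51001), "wan"),
        ("inbound to published smtp", Packet(remote, 40001, mail, 25), "wan"),
        ("spoofed inside source", Packet(desktop, 1234, mail, 25), "wan"),
    ]
    return [(label, fw.check(pkt, iface)) for label, pkt, iface in traffic]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{verdict:5}  {label}")
```

Every host keeps its global address, yet the only inbound packets that pass are replies to flows opened from inside and traffic to the one published port.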
I still think re-working the way people think about IP addresses will solve more problems.
E.g. Your toaster doesn't really need a public IP does it? [or your cell phone for that matter].
Good use of NAT can solve all of these problems...
There is no reason why certain companies/schools have millions of addresses each. Plain and simple.
Tom
Someday, I'll have a real sig.
Actually, the address field size is quadrupled. It is 32 bits in IPv4, and 128 bits in IPv6. 32 * 4 = 128, hence the quadrupling.
Yeah, Amy is cute, but not cute enough to fuck.
You seem to have read what you wanted to into the article rather than what was written.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
The Tech Review was right, 32 * 4 = 128. Note that they said the size of the Internet address field (number of bits), not the number of addresses.
NAT lovers versus NAT haters. Can't please anybody.
We all know the rollover to v6 will be costly both in terms of actual new equipment bought and the time to test and install new software. Oh well.
I'm not a network guru like a lot on here but to me, the lay person, the IPv4 issue sounds a lot like the Y2K problem. Just another problem caused 30 years ago because the fast paced spread of the technology wasn't foreseen.
Eventually we are going to have to face up to the fact that we NEED more IPs and something will have to be done. It's better to suck it up and get it done early so let's get moving! Looks like Japan and China are doing it. Why the hell can't we?
New software contains new bugs. Hardware upgrades are expensive. NAT is not a magic bullet.
Does this man write a regular column called "The Obvious"? He should.
Nothing worth doing is worth doing today.
With 128 bits of address space, why not drop the port altogether? No more port assumptions when taking a DNS name plus a URI.
The big bonus: you can migrate services very easily, since a socket owns the whole address. Currently this is very kludgy in IPv4. Process migration would get much simpler with the network socket thing out of the picture.
I thought they were still on tour. And, anyway, what do they know about -- oh wait... never mind.
RP
Everyone from large universities to even larger universities is on the internet, and we are running out of IP addresses fast! IPv2, with only about 65000 possible addresses is fine with only 15 computers connected, but what happens when every toaster, microwave, slide rule, clock, desk toy, and vibrator has its own ip address? Simple, just upgrade to ipv4. With a large enough address space to handle one or two IP addresses per person on the planet, there is no reason we should ever run out. Surely there will never be as much as one computer per city, let alone three IP addresses per person in use!
All my machines speak it, Solaris, Mac, Windoze, BSD, cisco, Nokia, Ericsson.
;)
Ah, but do they run Linux?
All I gotta say:
nslookup 18.244.1.102
or
dig -x 18.244.1.102
-- Note: If you don't agree with me, don't bother replying. I won't read it.
/more sleep
/more caffeine
/more expensive crack
It took reading the slashdot blurb three times before I did not see Simon & Garfunkel.
Visit CryptoGnome in his home.
Today's Internet uses IPv4, the 4th version of the Internet Protocol. (Versions 1 through 3 never made it out of the lab. Neither, for that matter, did Version 5.)
No. Third version of the networking protocol (NCP was the first, in use til '83, then ipv4). Simply that when they needed a new protocol number, the first 5 had been used already. 5, if I remember correctly is ST/ST2. Seems like the earlier numbers are weird multicasting experiments and such (not to be confused with IP protocol numbers, where 6 is TCP).
How am I supposed to read this garbage, when he can't even get that right?
Wow.. so you're telling me that before IPv4 was around, the load balancing systems, routing products, and consumer and general business ISPs, and all those other folks you talked about, they all provided support for it?
No? They didn't even exist before IPv4? Goodness, however in the world did they come to support it then? Saw a market and developed for it, perhaps?
But you're probably right. Nobody will ever do that for v6. After all, nobody ever wants to be the first to move into a market that doesn't have any serious competition yet.
Get real.
Like any technology, some folks will go for it too early and die. Some will go for it too late and have a hard fight, but those in the middle.. who get in just as the window is fully opening up.. they'll fly.
Given the IP shortage in China, Japan, and South Korea, and given how fast they're playing technological catch-up, I'm willing to lay odds that you're very wrong.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
That means my desktop can open up a peer-to-peer connection with my desktop at work, but it also means that my daughter can network her machine directly with some teenybopper P2P network in San Jose. Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
I thought that most P2P applications work well with NAT....maybe I am wrong. Any ideas on what kind of applications the author could be talking about that are "either very difficult or downright impossible today" ?
that IPv6 makes encourages 'peer-to-peer based copyright violation systems'
Wow... They're being very technical here.
What next? Are they going to lobby for a new reserved TCP port called "RIAA_SERVICES" ?
All I have to say is that I'm not really going to take seriously somebody who talks about security problems but still serves webpages from a M$ IIS server..........
Actually, before IPv4 became the "protocol for the Internet" there were no server load balancers. There were no dynamic routing protocols. There were no consumer or general business ISPs. As such, no, they didn't support IPv4.
Only ten years after IPv4 did many of these things really start becoming popular. There never has been a situation where one protocol replaces such a widespread protocol as IPv4 to my knowledge. Despite all the obvious flaws in FTP, and the fact that HTTP can be used for everything FTP does, people still think "FTP" when it comes to file transfer on the Internet.
There are several protocols that I don't expect to see replaced any time soon. HTTP-NG died on the vine, BGP-4 is still the primary internet routing protocol used between ISPs, despite many shortfalls, and FTP bites as a file transfer protocol, due to protocol behaviors that don't fit well into load balancing and firewall configurations. Telnet is used widely even though SSH is available for most functions, etc. People change to new technologies very slowly even when there is a compelling need to change to new technologies, simply due to the learning curve and time investments needed to make the change.
Your points are very valid however, and I've debated them often in thinking about IPv6, especially at what point companies should start looking to develop for it. The problem is that from a business perspective, not enough companies are willing to jump in, and unless they do, a critical mass won't develop.
On the flip side, the fact that IPv6 is being deployed more widely in so called "catch-up" markets with large numbers of people will help push the protocol forward, but at what point will a website such as CNN be available on a pure IPv6 address? At what point will such a site be available ONLY on IPv6? Once the majority of the top 100 websites are available through pure IPv6 methods I will concede that the transition has happened, and everything else will topple to IPv6. Until then I will wait to be disproven.
The people who can afford to upgrade can afford to push the switchover forward. If you can't afford the hardware, then you probably can't afford to lobby very hard against IPv6. So yes it's about money, but as a community /. should be worrying about the health of the internet in general.
I'm not trolling. I recently posted in the story about DNS changes that we're going to start seriously breaking compatibility sooner or later and we might as well take it in baby steps, but IPv6 is not a baby step. Properly managing the addresses we have might not give the developing world enough time to shape up their IT infrastructure, but the more time you give 'em, the less it'll hurt everyone when you make 'the big switch'.
We don't have to put it off forever, just until we reach some magic cost/benefit ratio (9x%) to make a big switch. 5 yrs down the road, enough IPv6 able hardware will be lying around to give away as freebies in order to upgrade the remaining % of hardware that needs it. Ya dig?
[Fuck Beta]
o0t!
There are so many more addresses, you would think that they would be almost free, and yet the charges remain high:
From http://www.apnic.net/member/feesinfo.html:
"The minimum fee for [non-APNIC-member] Internet address assignments [IPV4 or IPV6] is US $8,192." [stuff in square brackets added by me].
I don't know about you, but that puts ownership of addresses (as opposed to domain names) completely out of my reach. Of course I can rent a single one from my ISP, at a cost of many dollars a month, compared to the buck-or-so per address per year they pay.
Want to know how to encourage IPV6 adoption? Make the addresses cheaper.
I was just looking at the Speak Freely story and everyone bemoaning NAT and pimping IPv6.
But isn't "6to4" just another form of NAT? Making that part of the infrastructure would seem to defeat the intent of those waiting for IPv6 to solve all their problems.
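On the question raised above: 6to4 (RFC 3056) derives a /48 under 2002::/16 from a site's public IPv4 address and carries IPv6 packets inside IPv4 as protocol 41, so the inner addresses travel unchanged rather than being rewritten as NAT does. The sketch below is an added example, not part of the thread; the function names are hypothetical, the addresses are documentation values, and the source-consistency check on decapsulation follows the 6to4 security guidance in RFC 3964.

```python
"""6to4 address mapping and protocol-41 encapsulation (constructed example)."""
import ipaddress
import struct

PROTO_41 = 41  # IPv4 protocol number for encapsulated IPv6
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(public_v4):
    """Return the 2002:V4ADDR::/48 prefix for a site's public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if any(v4 in net for net in RFC1918):
        # A private address is not unique, so the derived prefix would not be.
        raise ValueError("6to4 needs a globally unique IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def _checksum(header):
    """Standard IPv4 header checksum (ones' complement of 16-bit sum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(src6, dst6, outer_src):
    """Wrap a minimal IPv6 packet in IPv4; the tunnel endpoint comes from dst6."""
    src6 = ipaddress.IPv6Address(src6)
    dst6 = ipaddress.IPv6Address(dst6)
    outer_src = ipaddress.IPv4Address(outer_src)
    outer_dst = dst6.sixtofour  # IPv4 address embedded in a 2002::/16 address
    if outer_dst is None:
        raise ValueError("destination is not a 6to4 address")
    # IPv6 header: version 6, no payload, Next Header 59 (none), hop limit 64.
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64) + src6.packed + dst6.packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                      PROTO_41, 0, outer_src.packed, outer_dst.packed)
    hdr = hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]
    return hdr + inner


def decapsulate(outer):
    """Unwrap a protocol-41 packet; return (outer_src, inner_src, inner_dst)."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[0] >> 4 != 4 or outer[9] != PROTO_41 or _checksum(outer[:ihl]):
        raise ValueError("not a valid protocol-41 packet")
    outer_src = ipaddress.IPv4Address(outer[12:16])
    inner = outer[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 packet")
    src6 = ipaddress.IPv6Address(inner[8:24])
    dst6 = ipaddress.IPv6Address(inner[24:40])
    # Anti-spoofing: a 6to4 inner source must embed the outer IPv4 source.
    if src6.sixtofour is not None and src6.sixtofour != outer_src:
        raise ValueError("inner 6to4 source does not match outer IPv4 source")
    return outer_src, src6, dst6


def demo():
    """Send one packet between two constructed 6to4 sites and unwrap it."""
    site_a, site_b = "192.0.2.1", "198.51.100.7"      # constructed public IPv4
    host_a = sixtofour_prefix(site_a).network_address + (1 << 64) + 0x10
    host_b = sixtofour_prefix(site_b).network_address + (1 << 64) + 0x20
    outer = encapsulate(host_a, host_b, site_a)
    return host_a, host_b, decapsulate(outer)


if __name__ == "__main__":
    a, b, (tunnel_src, inner_src, inner_dst) = demo()
    print("sent    ", a, "->", b)
    print("received", inner_src, "->", inner_dst, "via", tunnel_src)
```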
Why did we jump from 32 bit addressing to 128 bit addressing? What happened to 64 bit?
A 64-bit addressing scheme still gives us 2^32 times as many addresses as we have now.
For the next hundred years, isn't 18446744073709551616 addresses (give or take a few billion billion) enough?
Jesus Christ. What a cynic.
Go to bed.
But who cares if home-based routers don't support it. Let everyone just run their computers wide open! That will improve the 'net.
Warning: TCP port scan detected. An attacker has attempted to scan your system! (11:06:27 PM)
Warning: UDP port probe detected. Somebody has tried to access your machine and failed! (11:06:32 PM)
Warning: FTP Port Restricted. Possible intrusion. (11:06:39 PM)
Warning: HTTP login failed. Multiple HTTP authentication failures using bad user names and/or passwords. (11:06:45 PM)
All the issues described in the article are expected when implementing a new technology. Of course there will be bugs in the protocol code and of course there will be hardware issues. It's like saying hey when we implemented IPv4 we had no problems whatsoever. Moreover, Windows XP was perfect out of the box (lol) and there isn't a single application on Linux that has a problem. Point is this new technology means new bugs. So it will be worse in the first stretch but for the rest of the run it is beneficial.
-illumina+us "I put on my robe and wizard hat..."
The way I see it NAT was a necessity because if the suits were left to themselves we'd be right back to MaBell telling us what can connect to the net and when....and paying thru the nose for it. There are lots of big ISPs that would love to have complete control of what you connect...no Xbox, PS2, or Linux for you without paying $$$...or not at all because it's not "supported". not to mention corporate or government suits trying to crack your internal boxes...or simply knowing you have 20 devices in your house...it's none of their business!
Looks like a slam to me. Stupid and wrong but a slam just the same. The man is a Luddite and I'll never have much respect for MIT Technology Review again. The article is pure FUD and flamebait.
MIT must be mortified their name is associated with that rag. I predict Garfinkel's removal, a shake up, or the removal of the ability to use the name by the magazine over this.
Friends don't help friends install M$ junk.
Several of the comments seem to result from what I think of as "dubious" assumptions about IPv6. I got tired of listing these every time the IPv6 migration discussion came up, so now I maintain that list in a web page: Dubious Assumptions About IPv6
The Chinese will build IPv6 equipment, and it will be dirt cheap. There will be IPv6/IPv4 bridges, but as more and more cool apps are developed that require v6, consumers will demand it, and those ISPs that can't provide it will go out of business. Sticks in the mud will be able to run IPv4 internally to their networks indefinitely, and people will build kludges of various kinds to provide interoperation.
Just what we need. "Popular in Europe." Just like Betamax, soccer, and the Amiga.
My other car is a 1984 Nark Avenger.
In retrospect, Xerox had it right in XNS - 48-bit MAP addresses on the LAN, and 48-bit net numbers for routing between LANs. When the transition to IP came along, the old ARPANET lobby wanted to just transition by putting their IMP number in the second half of the IP address, and adding [10.0.xxx.xxx]. That's how we got into this mess of class A, B and C networks, netblocks, NAT, and all this other junk.
IPv6 is in some ways worse, because the interpretation of those 128 bits is complicated. Not everybody gets an autonomous system number and gets to participate in routing.
All I did was fill out a single spreadsheet questionnaire that asked me how many PCs I had on my network, how many I was projected to have in the next 12 months, if I was going to use VPN, and whether or not I was setting up an ISP. It took me all of 10 minutes to fill out, then I got my class Cs assigned (I just needed a hundred or so initially) lickety-split. Wasn't an ordeal at all.
In an act of good will in the mid 90s, Stanford (the only other school with a Class A network) gave theirs up. They did this for the greater good while knowing that it would leave MIT with bragging rights as the only remaining university with a Class A. Sometimes doing the right thing is more important than bragging rights. Even so, many of the geeks at Stanford thought it was a real tragedy. The other 50% of the student body didn't even know there was a change.
Lasers Controlled Games!
25 years ago, I used to write software almost exclusively in assembly language. Using your logic, I should still be writing software in assembly language for 16-bit processors. After all, that is the more efficient use of valuable transistors and silicon.
Mea navis aericumbens anguillis abundat
Of all the jerks I have had the misfortune to come across, Simson is quite a creation. He is the most obnoxious, egotistical, self promoting, and rude person I have ever had the misfortune to share a podium with. I really wish people would stop letting him have access to the press.
...do you really think any ISP or admin is just going to allow machines to be directly exposed to the internet on equal footing with servers, routers and more important equipment? I don't care if there's IPSec in there, it just isn't reality unfortunately.
The only way IPv6 is going to take off is if there is some profit motive behind it, because that's what drives the idiots of business. They don't care about whether it's better, faster, safer or newer unless "Joe Consumer" is going to jump on it like a jackrabbit in heat.
And... the only way that "Joe Consumer" will want it is if it's trouble-free and comes built into their computer. So... when M$ launches Windows Longhorn XP Trusted Networthy v1.0 and it comes pre-installed on any PC from the big two vendors, then... maybe "Joe Consumer" will buy into it. And it would have to provide some noticeable benefit. Peer-to-peer ain't it. "Joe Consumer" would probably be more impressed if his cell phone was an IM device that was always on and proxied to his desktop/IP phone/fridge/TV etc...
But think about it. Do you REALLY want your devices directly on the net? Especially these days? I mean really... with the number of cracked and infected Windows boxes on the net, I'm seeing 600-1000 hits per hour now on my firewall logs. There's so much crap on the internet right now from infected and 0wn3z0r3d machines, it's really not funny any more. They need to make damn sure that this stuff WON'T be a problem before they attempt to jump to IPv6 and give everything an IP.
Un-news
I'm slightly more interested in the other features that ipv6 offers than the increased address space itself, such as increased security, improved routing, and (finally) a mandate to multicast so it'll finally become more useful.
... only spreading FUD.
Some facts in his article are just wrong, or at least very biased.
IPv6 WON'T encourage 'peer-to-peer based copyright violation systems'.
IPv6 WON'T be less secure than IPv4.
IPv6 WON'T make the internet slower, in contrast it will make it faster (as soon as the networking processors are switched).
http://blog.gauner.org - just a blog
The article makes an origami boulder of a statement -- everything is jumbled together, poor explanations, incomplete statements, real problems, unrelated facts... only to come to conclusion that is nothing but a wild guess.
Contrary to the popular belief, there indeed is no God.
The real issue is getting a few major ISPs and some of the popular web sites to support IPv6. Web sites mostly don't run it because their ISPs don't, but if native IPv6 becomes available, it's easier for them to switch. The problem for ISPs isn't so much security (though they obviously care about that), but reliability - the degree of reliability testing and the level of developer exposure to weird real-world events is much more limited with IPv6, which makes them hesitant to really jump on it since there's minimal market demand (using "market demand" in the sense of "people who will pay you money if you have it and won't pay you if you don't" rather than "people who think it might be cool but aren't handing you money".)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
IP version numbers Damn, this isn't lame, hope it isn't lame enough now.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
"The deployment of IPv6--the sixth version of the Internet Protocol" - 6th version? no it isn't, it's version 6.
:)
"Each about 500 bytes in length" - wrong, I can change my packets to 15Kb in size if I wanted, or even 512KB
"Versions 1 through 3 never made it out of the lab. Neither, for that matter, did Version 5." - right... he doesn't realize that ipv6 is just called that because of the 6 areas to insert an IP address: area1:area2:area3:area4:area5:area6. version 1, yes it does exist, this is my ipv1: 1345396058 (long ip).
"There are so many IPv6 addresses that humanity will never run out of them--never, ever." - never say never
"those routers don't have similar hardware that can route V6 in hardware: those packets have to be routed in software, which is a slower process." - all enterprise routers, which the Internet runs on, can have their roms changed, no changing of routers required
I also noticed one more flawed thing with his article, he talks about IPv6 coming, and going to be widespread, then at the end he makes it seem as if it isn't coming.
He seems to have sparsely researched how IPv6 works, thus, resulting in this really bad informative article.
Change is certain; progress is not obligatory.
Yup...18.0.0.0 /8.
:)
I don't know what they're carrying for upstream capacity now, but back in the day they were connected to both of the BBNPlanet Cambridge POPs via FDDI.
The old cambridge2 pop was actually onsite at MIT (and worcester1 was located at WPI, for the interested)
// Agent Green (Ian / IU7 / KB1JQO)
// IEEE 802.3: All 10base Are Belong To Us
And yet even as I read this you are moderated "4, Funny". If I had any moderator points I'd give you one to see if it would skip 5 and go to "6, Funny".
google for it ...
http://www.iana.org/assignments/ipv4-address-space
It's just marked as "IANA - reserved." If they gave it up years ago and it still isn't helping, all they did was do a gesture. Are there any plans for it?
He is fairly aggressive at attacking IPv6, and even contradicts himself in his fury against the protocol...
all IPv6 code is untested and therefore insecure
Yes, if you don't count university networks that have been using 6bone for several years now. Read up a bit on 6bone, and you'll see that the primary purpose of it is to function as a testbed for IPv6. But of course, computer scientists aren't really able to find and fix problems in the protocol.
IPv6 makes encourages 'peer-to-peer based copyright violation systems
I won't even comment on this...
Deploying IPv6 means that every application that uses Internet addresses needs to be changed.
However, isn't IPv6 designed to be backwards compatible? I.e. have a separate address space that emulates IPv4? So there isn't an urgent need to switch *now* when it starts getting used? Using the IPv6 stack should not mean an inability to talk with IPv4 clients.
Today, most routers come equipped with special-purpose integrated circuits that can route IPv4 packets very quickly. But because there is no demand for it, those routers don't have similar hardware that can route V6 in hardware
I'll just let him contradict himself:
"The code that lets computers talk on an IPv6-enabled network is now built into the current versions of Windows XP, MacOS, Linux, and many forms of Unix. Every router made by Cisco comes ready to run IPv6. So does every Nokia mobile phone. The whole world is getting dressed up for the IPv6 party."
If they're already implementing software support for IPv6 before it's even starting to get used, doesn't he think this is a sign that the manufacturers are dedicated to bring hardware IPv6 support once it gets even more widely used? If not, he needs to explain why.
He complains about upgrade costs too, which seems to be a concept never heard or experienced by him before, as he seems to be in shock while discussing it.
But what IPv6 boosters won't tell you, unless you press them, is that every new IPv6 nameserver, Web server, Web browser, and so on has new code--code in which security problems may lurk.
True, updated software might get new bugs if they aren't tested properly. What's new? This risk is taken daily by adopters of upgraded or new software.
Beware: In C++, your friends can see your privates!
Right now I use a NAT to route things around on my home network. However, I can't route port 25 to two different computers behind a NAT so I have to use one e-mail program on a single system to handle all the e-mail for every domain I have control of. Mercury Mail on my coloed server has no problem with this so I have no problem with this. My spam-can is just a catch all anyway running on my home connection. I have one router with NAT handling the server and one router at home handling the home network.
If I had an IP for each system I could use one firewall per system and forward external IPs to internal systems behind individual firewalls with specific ports open on each if I wanted to. I may just keep the current set up for simplicity and cost effectiveness. There's no point getting more than one IP and more than one NAT if you're not running multiple domains.
IPv6 doesn't remove NAT. It just makes it possible to use multiple NATs each with a unique external IP. This is possible now. I have a number of IPs accessible to me from my ISP but this would be more common.
So really, nothing in this area will change. It will just be more common that home users are running multiple differently configured firewalls to a number of different networks. One firewall capable router per IP. Same as always.
Only in a university have I found that having 1 IP per system is an excuse not to use a firewall. It really should be required that a router be added into the cost of buying a new system. The excuse of course is that faculty will mess with them or take them off or that it will cost too much for techs to set them up.
Even if I had only one system on my internet connection I'd be using a router. I don't trust Windows or any OS directly on the wire.
Ben
Work Safe Porn
...just to build a hierarchical protocol on top of IPv4? Perhaps my understanding of this issue is insufficient, but bear with me. Suppose my local network has an external address of 12.34.56.78 and that I have a server with an internal address of 192.168.0.4. How difficult would it be to build a protocol atop IPv4 that accesses my server as 12.34.56.78.0.4? All the internet backbone has to be concerned with is getting low-level IP packets to and from my LAN, and the hardware is already there to do that. The only additional requirement is for my router to recognize the higher-order protocol embedded in those packets and direct requests to the proper server. Am I missing something here?
One big problem with NAT is that it creates passive internet consumers. When everybody uses NAT the real content of the internet is provided by the big players that can afford public ip-addresses for their servers. In the original internet without NAT everybody was a content provider. Just think about all the content that will never be published and the cool technologies that never will be developed when everybody uses NAT.
:)
Say no to NAT! Say yes to public addresses for everybody!
> > The most important thing that IPv6 does is quadruple the size of the Internet address field from 32 bits to 128 bits.
> Quadruple? 2^32 * 2 != 2^128. In fact, there is a very distinct difference. I would hope a writer for the M.I.T. Tech Review would know the difference.
Sheesh. He is talking about quadrupling (4 times) size of the address, not address space. And you didn't even make your wrong argument correctly. You should have said 2^32 * 4 != 2^128 which is the right wrong argument.
I haven't read such a pack of bunk in a long time--it's not worthy of the MITTR.
Garfinkel claims that IPv6 won't be viable to roll out because routers need to be upgraded. Dude, that is an ongoing process. Does he think that today's IPv4 routing hardware can handle tomorrow's IPv4 traffic? Let's see, how many protocols did the early Internet support? I guess they never merged to IP, because it was too expensive.
Also, he's a bit of a pollyanna about NAT--NAT is not a reason for why IPv4 is going to survive. It's a fiendishly shit kludge. Ask anyone that received a 10.0.0.1 answer from Verisign DNS last week. NAT sucks. It's a fix, but it sucks.
Lastly, IPv6 shouldn't be deployed because it relies on _software_ being changed? Oh gee, I'm sorry mr. Garfinkel, but I'd completely forgotten that every single networked application, nameserver, mail server, and web server has evolved code-wise to a layer of abstraction and perfection that we never have to worry about another security hole again! Aren't we happy that we've all reached BIND25, which never ever has to be touched again for as long as we live?
What an idiot.
Cole's Law: Thinly sliced cabbage
... and got slammed ....
As someone who was around during the IPv6 specification phase I can tell you that the spec that finally emerged from the IETF (following a great deal of ill feeling) had two main goals:
1) Not to be anything like OSI on principle
2) To be conveniently routable on the hardware then typically in use for academic workstations
So frankly, it's no real improvement on IPv4 and failed to consider ways of reducing latency and increasing the robustness of routing in large-scale carrier backbones.
It was too late even back then to consider the great "switch over" because there were just too many autonomous network operators around with no incentive to change unless everyone else did (those of you who knew DECnet Phase IV will remember a magic switch which was supposed to cause your entire network to transition to Phase V: not many customers actually activated it for the same reason).
The future is probably some rather different local area network protocol for all of those home appliances (connecting your PC, iPod, TV, PVR and toaster) and something different again for the long haul.
But it will have to be demand-led.
When you think consumer gadgets then the US isn't the first country to come to mind - it's Japan, Taiwan and China, Malaysia, Korea and the Philippines (in no particular order).
If every gadget gets an IPv6 IP address then it's irrelevant what some ex-MIT/Mass commentator thinks. Asian and especially the Japanese with KAME, are sniffing around for another edge that they can get.
Once the millions of games consoles get IP for LAN parties then ISPs are going to be driven kicking and screaming into IPv6. Console sales outnumber PC sales so what Microsoft thinks here is irrelevant (unless it's XBox related). Nope, in the same way that GSM eclipsed older analogue Cellular networks (with multi-billion costs in upgrades), then IPv6 will eclipse the older IPv4 and the drive will be consumer gadget driven.
At first it *seems* that NAT is a security improvement but later on you will recognize that it's not.
NAT can never be a replacement for a firewall, especially a packet filter. Writing packet filters when NAT is involved will lead to a lot more complicated rulesets. Complicated rulesets mean that people easily leave holes in their firewalls and this means that the firewall can get insecure.
Moreover people will not be content with NAT, they often want/need programs that can be accessed from the internet which is by design impossible with NAT. To overcome these limitations, people set up "port forwarding" on the firewall/NAT machine and route specific ports to specific machines. This makes once again machines behind the firewall/NAT vulnerable to attacks - but even worse, the rulesets of these port forwardings get very often forgotten and are often incorrectly set up which once again creates holes for attackers.
NAT is indeed - as the author of the article states - a faustian bargain and I doubt that removing NAT setups will raise security hassles.
Moreover note that with IPV6 you still *can* do NAT, so if it's your choice, leave your NAT box that way and you can still switch from IPV4 to IPv6, but with IPv6 you have also the option to drop NAT.
You write: "Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT?"
I would say: "Who would honestly let an out of the box Windows machine be open to the rest of the internet with no security between?"
As I denoted, setting up a packet filter should be easier and more transparent than setting up NAT. And don't forget, that the security issues emerge from the windows machine.
I suspect that beyond the technical advantages of IPv6, such as a vastly bigger address space and faster routing, the US Military (and Government) see that it is important for American strategic interests to spearhead the upgrade of America to IPv6 so that America is not left behind by the Asian countries.
I also think that the IPv6 capability of Linux is one of several reasons why Asian and other non-USA dominated countries are switching to Linux. With Linux they have a chance to ensure that their Internet traffic starts and ends in machines where they can trust the software - because it is open source. As has been said before, one of the drivers of Asian IPv6 adoption is their need for a bigger address space.
Once IPv6 becomes much more common, expect to see a lot of new companies, and some existing ones, launch new products for both the mass consumer and the specialist markets, that are only feasible with IPv6. Watch Asia, especially Japan, for the first evidence for this. If I had to pick a year for this to happen, I'd suggest 2006 - but maybe I'm being unduly conservative.
Basically, IPv6 is the future.
"Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever."
just thinking of a thousand swarms of 600 billion nano-robots conquering the deserts of some evil country desperately seeking WMDs. we WILL run in trouble with these 128bit address fields...
* a merry live and a short one
4 billion possible addresses on IP4. Are there anything like 4 billion devices on the Internet? Or is it closer to 250 million worldwide? Just 6% or so are used.
You see, it doesn't actually matter what you *need* or even what you might be able to make use of when there's a land grab like IP addresses, or names, what matters is what you can get. Corporations, governments, ISPs, device manufacturers will grab the maximum number they possibly can in the off chance that some VP in accounting will want an IP address for each cent in the corporate bank account. So instead of making use of 5% of the IP addresses they own, they'll make use of 0.000000000whatever1% of the addresses they own instead.
Government of the people, by corporate executives, for corporate profits.
And here's to you, Mrs. Robinson Jesus loves you more than you will know (Wo, wo, wo)...
This sig was generated by a barrel of trained kittens for SeXy_Red (550409).
.... all the stars will be dead and there will not be enough energy to send a ping from one place to the other (since all matter will be so widely dispersed that the energy available to you would not be enough to transmit anything to the nearest place).
Or the big crunch would be on its way, in which case exhaustion of the IP address space would be the latest of our priorities....
IANAL but write like a drunk one.
However, given the sad, vulnerable state of security and privacy, I'd expect more authors to expound on the benefits of IPv6's privacy and authentication mechanisms.
Likewise, as more bandwidth is eaten by spam and music downloading, IPv6 addresses quality of service, and better routing and addressing capabilities.
The only two reasons not to go IPv6, at least for intranets, are either espionage agencies oppose increased security and/or a particular large vendor fails to support it well. Maybe there are others. Wireless networks and VPNs are being thrown in all over the place. These are the perfect places to start with IPv6. The other option is NAT, but that will eventually have to be redone when the move is finally made. Kill 2 birds with one stone and install the new VPN or Wireless net with IPv6.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
in the words of my girlfriend - must mean that the author was simply having a bad day and couldn't be writing this as a serious article
Amy is it? Does she have access to your /. account :-)
I read the article last night when I was a bit sleepy and I did post a response about my IPv6 experiences (it's here, deal). He's either clueless, or was told by the publishers what kind of slant they wanted to bash IPv6. I recently had a conversation with a potential client who wanted me to rid their network of anything which could cause a security breach by unknowingly being on IPv6, this article brought back that discussion.
After re-reading the article today with a good night's sleep, I think the author wrote the article in two separate sittings, and was pressed by an 800 lb. deadline to write something, anything. So he dusted off an old, unfinished article about migrating to IPv6, added some non-researched controversy, and submitted the article.
That makes the best excuse for this drivel I can come up with. He's a hack, and since he managed to piss me off (and most of /.), from now on I'm just going to consider him another clueless journalist.
the AC
And I'm snarfing your analog/gsm phone analogy for my next conversation with clueless gits
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Maybe if corps and universities weren't given absurd amounts of IPs that they will never be able to use then this "running out of IPs" excuse wouldn't fly.
Want more IPs available from the IPv4 address space? Take them from people who aren't using them.
At least now every printer doesn't have its own internet routable IP...
And how does your cute example solve the address shortage problem with IPv4?
;)
Since you still NEED an IPv4 address to be compatible with your IPv4 peer.
Basically you have reinvented NAT, except for v6 to v4. And everybody knows NAT is evil
--Blerik
No, I do not want every single gadget to be readily available on the net and ready to be telnetted into at any time. In fact, lemme rephrase that: I explicitly want them _not_ to be available on the net by default.
If the service company needs to telnet into my fridge, I'll jolly well open a port for it myself. And close the port when they're done.
Everyone is ranting and raving about Microsoft's security. Or rather: lack thereof.
But you're asking of me to suspend disbelief and trust that every single toaster maker will write perfectly secure code. Code which can't possibly have a buffer overflow. Code which can't possibly be exploited over the net.
No, sorry, I don't buy that. My experience says that more likely they'll hire some burger flipper to string together some libraries he doesn't even understand. And he probably doesn't even know what a buffer overflow is, much less how to test against one.
And don't give me that "but how will they guess your 128 bit IP address" stupidity. Not only it's security by obscurity, it's also the non-working kind.
How do people know your e-mail address? Do they have to randomly test every single letter and digit combination? Well, no.
And neither would they have to guess your 128 bit IP addresses.
It doesn't even take much imagination to just start a database of working IP addresses, same as every single spammer has one for e-mail addresses.
And the best part? Since the addresses aren't dynamic, you only need to find each of them once. Then it stays there. Whoopee.
A polar bear is a cartesian bear after a coordinate transform.
Asia, Africa, and India will all probably adopt IPv6, but IPv4 will not die in the United States--or even in the federal government. It's simply too easy for U.S. homes, businesses, and government offices to keep using what they have, and let the ISP set up gateways between the IPv4 Internet and the IPv6 Internet. Eventually, these gateways will grow into firewalls, passing some kinds of traffic between the United States and the rest of the world, but blocking other data--for example, unauthenticated e-mail that might be spam.
Scary stuff, imo.
>IPv6 will help satisfy the demand for IP addresses for a wide variety of consumer electronics
How?
Sure, there are more bits in the address, but consider how the address is composed. There's typically an identifier portion (the x in 192.168.0.x) which differentiates local devices on a local network and a "prefix" which identifies a point of network attachment (the part of the address on which routing operates).
It's not local addresses that are (allegedly) running out, but routable network prefixes. You wouldn't hard code the network prefix into any appliance, or you'd end up with every router in the world having to have a 128-bit flat routing space. So there has to be some network gateway which provides the local prefix information and if it has to be there for that purpose, it's quite capable of providing network address mapping to the IPv4 space for the foreseeable future.
[Oh, and IP isn't particularly well designed for big LANs either (because of its point-to-point heritage): ARP is pretty unpleasant overhead for appliance devices on large networks (all those broadcasts).]
So while it's true that there will be more gadgets and that they will need some sort of ID for autoconfiguration/usability purposes, that doesn't mean they necessarily want an IPv6 network address built into them.
When everything is switched over to IPv6, then the internet goes back to its original plan - where all computers are equal; they all have their own address, they can all do whatever they want (or, whatever they can, given the hardware inside of them) like run servers, etc. The big thing about IPv4 is that not all computers are equal - one IP goes to one broadband modem, and there's a NAT present in the event of more computers behind the one IP address. In this IPv4 situation, not every computer can do whatever they want (like run servers, etc); the computers behind IPv4 NATs are consumers. The computers behind IPv4 NATs aren't equal contributions to the internet, they're there to consume services.
I'd imagine the companies providing these (or any, for that matter) services are trying quite hard not to switch to IPv6, where, if us present-day-consumers don't like how they handle the services, or if the billing for these services isn't what we expect, we can simply do it ourselves and take them right out of the picture. With IPv6, the providers would be forced to listen to their customers or risk not being the providers any more.
RIAA, MPAA, peer-to-peer:
First of all, this is way out of the RIAA's and MPAA's realm of influence. ISPs have already shown that they do not care about these cartels and that they like peer-to-peer because it attracts customers to their internet services. Secondly, peer-to-peer is highly successful without IPv6 and having NAT actually increases privacy because I can go down to my local wifi zone and download stuff without being traced.
Too large a change:
Not really. As long as companies are willing to change the necessary hardware, and if IPv6 can save them money on things like travel by improving video telecon capabilities, it will happen.
Like a change from English to metric unit?:
Wrong again. The change will be transparent to Joe AOL user.
The site, as well as the posters in this discussion, fails to address another important hurdle in IPv6 deployment: applications!
It seems that most people address the transport layer problems, such as migration and reconfiguration of network equipment (routers) as well as end-hosts, while the more important application layer deployment is neglected.
Think, when all end-hosts and immediate routers are IPv6 ready; and hosts can one day communicate with each other natively over IPv6, what is the use if the pace of application development fails to follow?
I have worked with IPv6 in my final-year thesis; as well as in an internship with NTT (a part of the KAME project sometime back), we can get FreeBSD up and running with IPv6 almost instantly, but what's keeping us back? Applications, of course.
The socket connection functions within the applications need to be upgraded (mainly to support a bigger address structure). For example, the sockaddr_in has to be upgraded to support sockaddr_in6, the address structure for IPv6. After that has been done, more changes in the User Interface might need to be done (for example, to allow users to enter IPv6 addresses directly in a textbox).
Fortunately, after 4 years, the most important applications have already been ported. Apache now supports IPv6, same goes for Mozilla and IE, and most importantly, BIND for DNS resolution.
However, there are still probably thousands, if not millions of other applications that need to be ported one by one (albeit simply).
The link from google to port your application:
Porting applications to IPv6 Howto
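Added example, not from the original post or the linked HOWTO: the sockaddr_in to sockaddr_in6 port described above, reduced to the address-entry path, with the IPv4-only parser beside a family-agnostic one. The function names, port 25 and the sample addresses (documentation ranges) are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Before: the IPv4-only pattern. The output is a 16-byte sockaddr_in,
 * so an IPv6 literal cannot be represented and is simply rejected. */
static int parse_v4_only(const char *text, unsigned short port,
                         struct sockaddr_in *out)
{
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    return inet_pton(AF_INET, text, &out->sin_addr) == 1 ? 0 : -1;
}

/* After: family-agnostic parser for numeric literals typed by a user.
 * Writes into sockaddr_storage, which is large enough for either family;
 * copying a sockaddr_in6 into a sockaddr_in-sized buffer is the classic
 * porting overflow. Accepts "192.0.2.10", "2001:db8::10", "[2001:db8::10]".
 * Scope IDs ("%eth0") and hostnames are outside what inet_pton handles. */
static int parse_endpoint(const char *text, unsigned short port,
                          struct sockaddr_storage *out, socklen_t *out_len)
{
    char host[INET6_ADDRSTRLEN];
    size_t n = strlen(text);
    int bracketed = 0;

    if (n >= 2 && text[0] == '[' && text[n - 1] == ']') {
        bracketed = 1;          /* URL-style brackets are IPv6-only */
        text += 1;
        n -= 2;
    }
    if (n == 0 || n >= sizeof host)
        return -1;              /* reject empty or over-long input */
    memcpy(host, text, n);
    host[n] = '\0';

    memset(out, 0, sizeof *out);
    struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)out;
    if (inet_pton(AF_INET6, host, &a6->sin6_addr) == 1) {
        a6->sin6_family = AF_INET6;
        a6->sin6_port = htons(port);
        *out_len = sizeof *a6;
        return 0;
    }
    if (bracketed)
        return -1;

    memset(out, 0, sizeof *out);
    struct sockaddr_in *a4 = (struct sockaddr_in *)out;
    if (inet_pton(AF_INET, host, &a4->sin_addr) == 1) {
        a4->sin_family = AF_INET;
        a4->sin_port = htons(port);
        *out_len = sizeof *a4;
        return 0;
    }
    return -1;
}

/* Canonical text form for logs and access lists. IPv4-mapped IPv6
 * addresses (::ffff:a.b.c.d) are printed as plain IPv4 so that a rule
 * written for the IPv4 address still matches on a dual-stack socket. */
static const char *endpoint_to_text(const struct sockaddr_storage *ss,
                                    char *buf, size_t buflen)
{
    static const unsigned char mapped[12] =
        { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff };

    if (ss->ss_family == AF_INET) {
        const struct sockaddr_in *a4 = (const struct sockaddr_in *)ss;
        return inet_ntop(AF_INET, &a4->sin_addr, buf, (socklen_t)buflen);
    }
    if (ss->ss_family == AF_INET6) {
        const struct sockaddr_in6 *a6 = (const struct sockaddr_in6 *)ss;
        const unsigned char *b = a6->sin6_addr.s6_addr;
        if (memcmp(b, mapped, sizeof mapped) == 0)
            return inet_ntop(AF_INET, b + 12, buf, (socklen_t)buflen);
        return inet_ntop(AF_INET6, &a6->sin6_addr, buf, (socklen_t)buflen);
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample inputs, as a user might type them in a textbox. */
    const char *samples[] = { "192.0.2.10", "[2001:0DB8:0:0:0:0:0:10]",
                              "::ffff:192.0.2.10", "[192.0.2.10]", "not-an-ip" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct sockaddr_storage ss;
        socklen_t len;
        char buf[INET6_ADDRSTRLEN];
        if (parse_endpoint(samples[i], 25, &ss, &len) == 0)
            printf("%-28s -> %s (sockaddr length %u)\n", samples[i],
                   endpoint_to_text(&ss, buf, sizeof buf), (unsigned)len);
        else
            printf("%-28s -> rejected\n", samples[i]);
    }
    return 0;
}
```

For hostnames rather than numeric literals, getaddrinfo() with AF_UNSPEC fills the same sockaddr_storage-sized results for either family.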
Ok, I apologize for the stream of consciousness style of my posting but there were a couple of issues that I just didn't get.
First, OK, NAT IS THE DEVIL. But the author's security argument about NAT was that people were using wireless lans and getting in through the backdoor to attack the PC's. IPv6 doesn't do anything to mitigate that.
Second, the idea that having every object in your house have a two way freeway to the internet has to be a DDoS attacker's dream come true. Sure I can see my 67 year old dad setting up a firewall to keep his web enabled toaster from sending out bad and evil packets onto the internet. Right after he wins the XPRIZE for that orbital Refrigerator he has been working on. Get real, most users can't figure out what an icon really is, and now they will be the key to securing this brave new world.
Third, does this not let ISPs charge more now that we will be using 100's of IP addresses?
4th, think of all the applications that haven't even been thought of yet. Come on. At least with the new ipv6 we will be able to watch his daughter go to college, and probably follow her on dates and to the bathroom. PROGRESS? Not meant to be an insult, but the prurient aspects of all this technology just floors me sometimes. I guess I am a Luddite.
So in closing, I think it will happen and I for one don't care if we (the US) lag behind. In the long run that will make it cheaper for us and the pioneers can take those arrows for us. And as for using up most of the ipv4 address space, what can be said but "WE RULE"!!!
224-255 are for multicast.
I'm confused as to why we just don't have 1 or 2 multicast class A's, because AFAIK, no one uses it! At least my ISP doesn't really support it.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
there are lots of other advantages of ipv6 compared to ipv4:
routing - different rirs have now created policies that will make routing much more efficient. it will be hierarchical so routing tables will be much smaller (thus faster routing.)
headers - the ipv6 headers have been optimized compared to ipv4, data transmitted includes qos (standard)
multicast - no more broadcast. we don't have to worry about too much data storms in our network (better bandwidth utilization.)
autoconfig - ipv6 provides for automatic configuration of ip addresses. this will make transition much easier since most devices can be made ipv6 ready and activated and it will automatically configure itself and run on ipv6.
tunneling - you can do endless tunneling to seamlessly support ipv4 and ipv6 networks together. you can easily put an ipv6 backbone with ipv4 clients running (with all translation under the fe80 range.)
addressing - clear policies have been made with regards to addressing (and routing as well) to prevent problems that have plagued existing ipv4 networks. the division of the /128 into multiple subbits (like /4) helps in the logical arrangement in the address.
maybe since mit has 16.7million ip addresses, they are afraid of ipv6. based on existing policies agreed upon by rirs (arin, apnic, ripe), you will be allocated a /48 (65535 subnets) if you are able to utilize 200 subnets within 2 years. by default (i don't know how they run their network - if it is efficient or they just subnet their network and waste all the ip address) they may have a hard time getting allocation from arin. they might need to get the suballocation from a provider (since it is hierarchical) so that's why they are opposed to the idea.
even if they do not switch to ipv6 (i hope they will be the last one.) the entire world will be running in ipv6. here in asia, it is much harder to get ipv4 addresses. so we are already experimenting with ipv6 (and readying for production grade native ipv6 networks with full peering and routing - we have purchased ipv6 routers in preparation for a full ipv6 backbone with ipv4 tunneled instead.)
software is increasing its support with ipv6. windows xp already has support (not so savvy end users can now start benefiting from ipv6.) linux and apps already have support. most network equipment now supports ipv6. heck my mobile phone can access an ipv6 network natively!
final words. go ipv6! it's about time. (and note to all admins, experiment with ipv6 and you'll see.)
p.s. slashdot was inaccessible for a few minutes before i posted this content
Live your life each day as if it was your last.
There's lots of interesting things you can do with a scheme like that. For example, NTP uses the various loopback addresses to implement fake peer clocks. The particular quads specify "drivers" and parameters to use to talk to the time source.
What's nice is that it's portable to any system with a sane sockets layer.
It's the kind of thing where you look up some service in a database, which gives you a number. You translate that into an IP address, then try binding to it to see if that service is available. Forget TCP, you can just use raw IP datagrams since there's no way delivery can fail. It's more familiar territory than IPC for some people (and more portable).
Well, maybe 16 million is excessive. We only have 64k TCP port numbers, and that hasn't been too problematic.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Solaris has it front to back since 5.8, so does OSX. Oh and Irix. Hmmm, all the BSDs and Linux. Yup. Oh, and HP-UX. And AIX 4.3... hmmm, what else... oh yeah, Symbian 7.0 for phones and WinCE. VxWorks and QNX seem to fully support it too.
And Cisco IOS. And gee willy, aren't a lot of Linksys home networking boxes one flash update away from supporting it, you know, being based on embedded linux and all?
Well gee whiz, that's like, NOBODY. Microsoft must really be on the ball here.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
The other AC is correct, you are wrong. If you are saying that A and B are mutually inclusive you are saying that A includes B and B includes A, which simplifies to A = B since the only way that A can be a subset of B and B a subset of A is if the two sets are identical.
that is 15 too many.
Also, you're right about the 192... I haven't had my coffee. I guess what I meant to say was that you won't find a class-a starting with 192. Nor 172. (174->172).
Gak.
240-254 for future extensions, eh? Well I wonder if those counterpredictions claiming we can last to 2020 (mentioned later in these threads) are predicated on the fact that we will start handing those out too.
I think the 255 class A is used to indicate you wish to broadcast on all subnets you're attached to (255.255.255.255). It's the all-networks network.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Amy is cute.
Who is Amy?
Im dreaming ofa big bndwdth, That can resist the
>There are so many IPv6 addresses that humanity will never run out of them--never, ever.
I have heard statements like this before... networked nanotechnology and RFID tags anyone?
Usual slashdot of people not knowing what they are talking about.
There are many transition mechanisms defined and being defined for ipv6. These allow ipv4 only to talk to ipv6 only and all other combinations. Some require dual stacks but many are implemented in other ways.
A huge organization could switch to mostly ipv6 only internally and still interoperate with the Internet at large.
The backbone could switch to mostly ipv6 only and home users could remain using ipv4.
There is no line-in-the-sand switchover required, it can be staged and rolled out over time.
Untested Code? I don't trust any code from M$, not even the code I write using their software, VB, C#, or even VCC.
We actually need IPs for each workstation (long story as to why).
The code being untested is surely no huge obstacle as it is quite able to be well tested. IPV6 will indeed make peer-peer systems more possible than they are today with many users externally inaccessible directly behind limited NATs. But peer-peer ability does not equate to copyright violation and that anyone from MIT would imply that it does is gross political maneuvering. Peer-peer abilities mean that the internet is many-many in rather than strongly slanted to few-many. All nodes become potential producers and shares of information and bandwidth. This was the original shape of the internet and its original promise. It is high time we got back to it.
When will slashdot have an IPv6 interface? By adding v6 to the services and sites that are most used on the internet, it will only accelerate the full migration.
My ISP charges for extra IP addresses ($5/month).
I will still hide multiple systems behind a single address to avoid these costs.
I've personally stopped worrying about Simson Garfinkel's opinions since I learned he was one of the editors of the incredibly biased and unfunny Unix Hater Handbook. The only good thing in this book is the Dennis Ritchie rebuttal. Given that Simson has written lots of books that depend on Unix technology and he was and still is a major proponent of NeXTStep and MacOS/X, both fine BSD systems, either the man is a total fraud or he is a complete idiot.
It wasn't intended to fix the address shortage problem with IPv4. It was intended to solve the upgrade path routing problems for IPv4 to IPv6.
Dynamic NAT, as popularly implemented, is "evil." NAT as Network Address Translation is not evil and is a fundamental technology of the Internet.
Oops. Responding while tired strikes again.. (though I asked others around me if I was being coherent - the lies!)
:-)
Yeah, address field.
And when will this compatibility end? Since everybody keeps using v4 addresses, there is no need for people to switch to v6. Is there going to be a worldwide 'lets stop using IPv4' day? Or are we going to stay compatible forever?
As lots of other people have already pointed out, they should have made IPv6 inherently compatible with IPv4, so there is no need to switch.
There is a header checksum field in IPv4, that (as far as I know) is only verified at the destination, and is totally useless. Use these 16 bits to extend the destination address, extend the source address using a V4 option field, and you have extended IPv4 addressing to 48 bits and kept the destination in the beginning of the header for hardware routing. And you are compatible with IPv4 so people that don't need to upgrade won't have to. You have also added addresses without increasing the routing complexity for the core.
This is just a little hack off the top of my head, I'm sure there are people out there that can do better. And my prediction is that somebody will do better and write an RFC for this. Two weeks later all free unices will have implemented this, two months later Cisco and Juniper and all the other big guys will add support for this feature in a software update, and a year later nobody will be using IPv6 anymore. IPv6 is like IPSec, designed by a committee and dead ten years later.
But this is just my 2 cents, who knows what will happen.
--Blerik
mmmmm IPV6
that never stopped Microsoft from releasing their products.