Slashdot Mirror
MIT Technology Review Slams IPv6
PCM2 writes "In the MIT Technology Review, Simson Garfinkel, noted author of Internet security books, writes that "the next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure." His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 makes encourages 'peer-to-peer based copyright violation systems'; and of course, that the switch is never going to happen anyway (and yet, somehow, the United States is 'falling behind')."
...by David Weekly can be found here.
Good summary of CIDR and NATing adoption, too.
The Army reading list
These problems go away when every computer on the Internet really does have its own IP address--something that's impossible today with IPv4, but which is the raison d'etre for IPv6. In a world with IPv6 and without NAT, every computer in my house has its own unique IP address on the public Internet. That means my desktop can open up a peer-to-peer connection with my desktop at work, but it also means that my daughter can network her machine directly with some teenybopper P2P network in San Jose. Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Cisco routers support it, as do the routing stacks in Linux and the BSDs. If you would have read the article, you would have at least known Cisco routers support ipv6.
Cthulhu Saves.
Your statement that 'no routers have it' is quite simply a pile of rubbish; Cisco, Juniper, Foundry, and Nortel routers all support IPv6 in at least one version of code, if not multiple versions.
If by 'routers' you mean Linksys, Belkin, or D-Link, you really need to redefine your concept of the word.
i believe they have a full class a, right? so that's ~1/255th of the possible usable ip addresses on the internet? (not taking into account non-routable ip addresses)
I ssh over ipv6 all the time -- it's just like v4 but prints out a really ugly address the first time you connect.
Will I need to update my apt.sources file?
Probably not if your favorite apt servers support it as well. Most of the switching over is handled by DNS (which has had v6 support for quite a while).
IP layer stuff (OSI model layer 3) is transparent to the layers both above and below it; you can easily map IPv4 addresses (as well as DNS entries) onto IPv6 addresses as long as you have a protocol stack capable of parsing the IPv6 stuff. Nothing new.
/8's out there, that I imagine we could go on for at least another 3 before widescale implementation.
Remember people, IPv6 has been around in RFC form since December 1998 (5 years) - the adoption rate simply hasn't matched what was seemingly necessary.
Besides, ARIN isn't even close to full address depletion. There's so many spare
Damn,
with only 3 routers at the medium-sized business I work
for, this is going to cost us $187,500 !!!
No IPV6 for us
Maybe I read the wrong article, but I don't think he said that at all. The gist of the article is this:
1) I will define 'IP' for you now
2) This is why we need more Internet addresses (something above and beyond IPv4)
3) One problem with IPv6 is that no one uses it now. So the best thing to do is to make dual v4/v6 machines. But then you can never make v6 only because someone will always have v4. (wtf? 'we can never adopt v6 because we have not yet adopted v6'?)
4) NAT is super evil because its security is "a mirage"
5) The RIAA and MPAA will probably hate IPv6 because people can connect to each other more
6) IPv6 will only be introduced in the US when a government supplier wants it
I think that timothy must've posted this without reading the article itself -- or I've read the wrong article -- but the article author _NEVER_ says 'untested and therefore insecure', only talks about the increase in p2p applications as 'interesting' and likely to be opposed by the *AA, and the problems posed by inertia in the US as opposed to adoption in Asia.
NOWHERE does he slam IPv6 - he seems rather happy about it, in fact.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
That's absolutly not true. IPv6 info @ Cisco. I quote: "In May 2003, the availability of Cisco IOS 12.3 Mainline that integrates the IPv6 feature set from 12.2(15)T enables production deployment for all Cisco based networks." Obviously routers have it. Linux has it as well, so its certainly not a MS only thing.
The problem with IPv6 isn't software or hardware -- it's politics and money. Theres no benefit to service providers to update their IPv4 setup to do IPv6 because they'd have to find some way to still talk to the "normal" IPv4 internet (because, really, who wants to get on an ISP that isn't on the internet?). Additionally, many many ISP's charge a premium on extra IP addresses. What makes you think that they want to ditch that income so you and I can each address our refrigerator from the supermarket to see how much milk is left?
You are mistaken. MIT dorms have /16 networks (18.XXX.0.0/16), not /8.
Cretin - a powerful and flexible CD reencoder
Actually, many backbones have switched to IPv6 because ROUTING is FASTER on IPv6 than IPv4.
On this simple fact I assume that the author of this article just don't know what he is talking about. As for security and as for NAT (which is less secure than he even thinks it is, as a protection).
IPv4 has seen many, many security issues in the *recent* past btw (ISN Prediction anyone ? Spoof with any ip)
He also forgot that there are tunnels from ipv4 to ipv6 and from ipv6 to ipv4, effectivly adding compatibility. If someone is stuck with ipv4 somewhere on the globe, np, he setup a tunnel to ipv6 and none is stuck. Damn FUD, I say.
refs:
IPv6 FAQ
Routing
(IPv6 has less headers => faster routing
(Better QoS => more efficient network
(etc.)
What I'm looking forward to is having to apply weekly firewall updates to my friggin' toaster.
NAT is a good idea for certain limited applications. Internet-enabled dishwasher? No problem*. Web browsing cell phone? Perfect. But for a general purpose computer running arbitrary applications, it's very constraining. Just look at the discussion surrounding Speakfreely and you can see some of the problems that happen when you turn on NAT. Basically, you turn a computer into a consumer of Internet services rather than a participant.
Depending on where the NAT translation is being done, there are ways around it. I have a static address with a good wireless provider, so the NAT is being done by my own router. I've told it to forward requests to ports 80 and 22 to my Linux box, so I can serve web pages and SSH into it.
But if the NAT is being done by the ISP directly, they have full control over who can make requests to your computer from the outside. Nobody can make requests of your computer from the outside, which eliminates both intrusions and ordinary requests for services.
* Though I'm still curious why my appliances need to surf the web. How can we not see that we're handing them the tools they need to organize and revolt against us?
You want the truthiness? You can't handle the truthiness!
The ocean parts and the meteors come down
Laid out in amber, baby.
They may have once been a reputable magazine, but since Bruce Journey took over, they are more concerned with selling magazines than quality reporting. Mr. Journey used to work for such rags as Time and TV Sports. When appointing Mr. Journey to lead Technology Review, William Hecht said:
Besides that, Technology Review is twice removed from MIT. They are run by the Association of Alumni and Alumnae of the Massachusetts Institute of Technology which is loosely associated with MIT.
I would really like to know why Slashdot keeps posting fantastical stories from that ratings-driven rag.
Actually, the government in the US is already planning IPv6 migration, and there are mandates for the DoD to go to IPv6 by 2008. Sure, that's a few years off, but it means that in the mean time there will be many pilot programs and gradual migrations. It is going to happen, and even if the corporate world lags, the gov't will be pusing it.
Don't worry, having IPV4 addresses as a sub-block of IPV6 addresses, dual IPV4/IPV6 hosts, and IPV6 protocol encapsulation was such a good idea that the designers of the IPV6 protocol decided to use it.
::203.131.45.99)
They even made it simple! If my IPV4 address is 203.131.45.99 my IPV6 address will be 0:0:0:0:0:0:203.131.45.99 (there's even an abbreviated notation for a V6 address which would just be
The likelyhood is that the migration to V6 isn't proceeding as fast as possible for political and financial reasons rather than technical ones.
The allocation of Class A networks is not the problem. There are still Class A networks that are marked as "reserved" and are not really being used. The inefficiency in the distribution of the networks is the problem.
If you are going to pick on Class A owners, then I think there are plenty you can pick on before MIT. HP owns both the 15 and 16 spaces (16 was DEC, bought by Compaq, and now owned by HP). GE, Halliburton, Xerox, Apple, BBN (x2), FoMoCo, Prudential, Eli Lily, and even the US Postal Service are all official owners of at least a Class A network.
The problem with NAT is that it breaks some protocols, eg FTP. The protocol says something like "My IP address is X, make a connection back to me.", but with NAT the computer reports its IP as something that's not a valid public address. That not only breaks some protocols, but you can use that to tunnel in past a firewall onto a private network in some cases.
The other problem is more aesthetic than anything... but it can be a problem if the NAT device is badly configured. Because it has to translate incoming and outgoing packets, the NAT device must track the state of the incoming and outgoing connections. This takes memory, and sometimes there's not really any way for the NAT device to tell when the connection has been severed. So it has to time them out, and this can result in connections evaporating without warning when the server and the client want them to stay open.
Fortunately, you can usually set this to something more reasonable with OpenBSD or Linux (or another BSD, Solaris, whatever). OpenBSD 3.4 with "set optimization conservative" waits 5 days. I've never had any problems with that, but it's tweakable if necessary.
When someone might yell at me, it has to be OpenBSD.
FreeBSD was the first OS to have IPv6 support.
Assuming it is:
1. Cisco Routers suck at IPV6.
That's kind of an implementation issue rather than a protocol issue wouldn't you agree? If word gets out that Cisco Routers aren't providing bang for buck then there are always alternatives as you have suggested. If performance really matters then IT managers can argue the point that the corporate policy is outdated and has to change...
2. There are too many addresses.
Too many addresses is certainly a better situation to be in than not enough addresses I'd argue. Pretty much everyone in this thread that has had to deal with NAT has put forward that it's a deal with the devil: it's a just barely sufficient hack to a tricky problem.
3. IPV6 addresses are too large.
Extreme amount of memory to hold routing tables? Sure, if addresses were picked at random with no regard for the overall layout of the Internet. There's nowhere in the protocol specification that says all 64 network bits have to be used at once when rolling out. Give every ISP it's own separate chunk of the IPV6 address space to which it can portion out to it's customers, and routing may actually become easier, not harder. With 64 bits used for routing I'm sure every ISP in the world could have way more individual IP addresses than it could possibly need, and there would still be plenty of network prefixes left over. We as a community now have a lot more experience in dealing with address allocation issues than we did in 1970...
4. The IPV6 header is too large.
Oh, please. If you're worried about conserving a mere 20 bytes in each packet don't you think more would be saved by design superior compression schemes for when the data intensive applications like Voice, TV, Radio, etc become an integral part of the internet? Also, what's the difference today if a web page takes 40 seconds to load, or 41 seconds to load?
These aren't discussion points, the complaints are too trivial for that. I would hope that you put a bit more effort into research if I were the one reading your dissertation. IPV6 may not be perfect, so point out some REAL design problems if you're going to try.
Blame marketing for that one. Windows 1.0, 2.0, 3.0, 3.1, 3.11WfW, 95, 98, and Me are the DOS/Windows family. Windows NT 3.1, 3.5, 4, 2000, XP, and 2003 are an entirely different family and the "Windows" in the name is basicly Microsoft's way of saying "You can run your old applications on this and the UI will be broadly familiar."
XP does not boot from DOS, not even the hidden DOS in Me. It boots from NTLDR.
You are not alone. This is not normal. None of this is normal.
The Tech Review was right, 32 * 4 = 128. Note that they said the size of the Internet address field (number of bits), not the number of addresses.
Um, not really. Most new computers have IPv6 capability, (I'm pretty sure XP does, though I could be wrong). its the same as Y2K. All newer computers wouldn't have a problem, and the few older ones just need to be patched.
In an act of good will in the mid 90s, Stanford (the only other school with a Class A network) gave theirs up. They did this for the greater good while knowing that it would leave MIT with bragging rights as the only remaining university with a Class A. Sometimes doing the right thing is more important than bragging rights. Even so, many of the geeks at Stanford thought it was a real tragedy. The other 50% of the sutdent body didn't even know there was a change.
Lasers Controlled Games!
LinuxInDallas wrote:
Not trying to beat up on you... what you wrote is what people who weren't there commonly say with hindsight. The seeing eye moves, and moving, sees from different viewpoints over time. When 32 bits were selected to provide IP addressing for the the then-new phase, it probably seemed like a lot and any more than that would have run into objections of excess packet overhead and bandwidth waste.
Believe me, if anyone had suggested using more than six digits to store a date 30+ years ago it would have seemed idiotic and wasteful. Mostly these things don't even get discussed beyond unstated limits that are appropriate to the times and the circumstances. A real life example:
In late 1969 or early 1970 I was standing in a mostly empty computer room with people a lot older and wiser than I, and they were discussing what level of New York Stock Exchange trading volumes (as a measure of overall market ticker traffic in all exhanges) we should plan on for our second-generation network and computers, given a lifetime of, say, ten years. Our processing and communication loads were directly related to trading activity in stock, bond, commodities and other markets. NYSE volume was the common metric used to gauge all the market information traffic in the nation for load purposes.
The NYSE was doing, I think, about 6 million shares a day on a heavy day then. Some provision had to be made for growth but no one wanted to be the first to throw out too high a number. They looked at each other in turns in a most peculiar manner.
Finally the VP asked, "Do you think planning for 20 million shares a day would be going too far?" No one else had been willing to venture a number that high, but everyone agreed that that would be a good number for planning the network and computer capacity. Had anyone tried to sell the idea that we should have planned for much more than 20 million, he would have been noted as someone whose assessments were wildly outside the lines.
As it happened, our network and computers had to handle U.S. market information traffic measured by NYSE volumes of 200+ million shares per day before it was replaced by a newer system about 15 years later, and as early as 1976 the major exchanges began delivering information at a gross bit rate 70 times what it had been before. In that original discussion, anyone who might have insisted that 200 million was the right number probably would have lost his job on the spot for being so obviously out of touch with reality.
And so it goes. The viewpoint changes, the givens change, the parameters change, the changes change, and later judgments about decisions made decades earlier are rarely informed enough to be valid. In our case we blew it badly on the estimate of 20-million-share days, but we built our shit so well that it scaled without much difficulty to handle 10 times what we planned for and five years longer life than anyone had hoped for.
Also, system failures were not permitted. But that's another story for another time...
Look at the bright side: there's always seppuku.
You must have had an ISP that was much more liberal...grin. Giving workstations real IPs was no excuse to get a class C in Austin.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
IP version numbers Damn, this isn't lame, hope it isn't lame enough now.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
"The deployment of IPv6--the sixth version of the Internet Protocol" - 6th version? no it isn't, it's version 6.
:)
"Each about 500 bytes in length" - wrong, i can change my packets to 15Kb in size if i wanted, or even 512KB
"Versions 1 through 3 never made it out of the lab. Neither, for that matter, did Version 5." - right... he doesn't realize that ipv6 is just called that because of the 6 areas to insert a IP address: area1:area2:area3:area4:area5:area6. version 1, yes it does exist, this is my ipv1: 1345396058 (long ip).
"There are so many IPv6 addresses that humanity will never run out of them--never, ever." - never say never
"those routers don't have similar hardware that can route V6 in hardware: those packets have to be routed in software, which is a slower process." - all enterprise routers, which the Internet runs on, can have their roms changed, no changing of routers required
I also noticed one more flawed thing with his article, he talks about IPv6 coming, and going to be widespread, then at the end he makes it seem as if it isn't coming.
He seems to of sparsely researched how IPv6 works, thus, resulting in this really bad informative article.
Change is certain; progress is not obligatory.
Taking reserved addresses into account means it is more like 1/221st of the address space. Only 1-223 in the first octet are used for host addresses of these 10 and 127 are reserved for special purposes.
Do you care about the security of your wireless mouse?
Address fields are a fixed 32-bit integer...this notation would overflow.
There's none of the current stuff like "well, this packet matches six different network masks. Which one is the smallest subnet?".
IPv6 is built for speed. It's not just IPv4-but-longer.
Dewey, what part of this looks like authorities should be involved?
The code being untested is surely no huge obstacle as it is quite able to be well tested. IPV6 will indeed make peer-peer systems more possible than they are today with many users externally inaccessible directly behind limited NATs. But peer-peer ability does not equate to copyright violation and that anyone from MIT would imply that it does is gross political manuevering. Peer-peer abilities mean that the internet is many-many in rather than strongly slanted to few-many. All nodes become potential producers and shares of information and bandwidth. This was the original shape of the internet and its original promise. It is high time we got back to it.