Slashdot Mirror
MIT Technology Review Slams IPv6
PCM2 writes "In the MIT Technology Review, Simson Garfinkel, noted author of Internet security books, writes that "the next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure." His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 makes encourages 'peer-to-peer based copyright violation systems'; and of course, that the switch is never going to happen anyway (and yet, somehow, the United States is 'falling behind')."
...by David Weekly can be found here.
Good summary of CIDR and NATing adoption, too.
The Army reading list
These problems go away when every computer on the Internet really does have its own IP address--something that's impossible today with IPv4, but which is the raison d'etre for IPv6. In a world with IPv6 and without NAT, every computer in my house has its own unique IP address on the public Internet. That means my desktop can open up a peer-to-peer connection with my desktop at work, but it also means that my daughter can network her machine directly with some teenybopper P2P network in San Jose. Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Cisco routers support it, as do the routing stacks in Linux and the BSDs. If you would have read the article, you would have at least known Cisco routers support ipv6.
Cthulhu Saves.
Your statement that 'no routers have it' is quite simply a pile of rubbish; Cisco, Juniper, Foundry, and Nortel routers all support IPv6 in at least one version of code, if not multiple versions.
If by 'routers' you mean Linksys, Belkin, or D-Link, you really need to redefine your concept of the word.
i believe they have a full class a, right? so that's ~1/255th of the possible usable ip addresses on the internet? (not taking into account non-routable ip addresses)
I ssh over ipv6 all the time -- it's just like v4 but prints out a really ugly address the first time you connect.
Will I need to update my apt.sources file?
Probably not if your favorite apt servers support it as well. Most of the switching over is handled by DNS (which has had v6 support for quite a while).
IP layer stuff (OSI model layer 3) is transparent to the layers both above and below it; you can easily map IPv4 addresses (as well as DNS entries) onto IPv6 addresses as long as you have a protocol stack capable of parsing the IPv6 stuff. Nothing new.
/8's out there, that I imagine we could go on for at least another 3 before widescale implementation.
Remember people, IPv6 has been around in RFC form since December 1998 (5 years) - the adoption rate simply hasn't matched what was seemingly necessary.
Besides, ARIN isn't even close to full address depletion. There's so many spare
Damn,
with only 3 routers at the medium-sized business I work
for, this is going to cost us $187,500 !!!
No IPV6 for us
Maybe I read the wrong article, but I don't think he said that at all. The gist of the article is this:
1) I will define 'IP' for you now
2) This is why we need more Internet addresses (something above and beyond IPv4)
3) One problem with IPv6 is that no one uses it now. So the best thing to do is to make dual v4/v6 machines. But then you can never make v6 only because someone will always have v4. (wtf? 'we can never adopt v6 because we have not yet adopted v6'?)
4) NAT is super evil because its security is "a mirage"
5) The RIAA and MPAA will probably hate IPv6 because people can connect to each other more
6) IPv6 will only be introduced in the US when a government supplier wants it
I think that timothy must've posted this without reading the article itself -- or I've read the wrong article -- but the article author _NEVER_ says 'untested and therefore insecure', only talks about the increase in p2p applications as 'interesting' and likely to be opposed by the *AA, and the problems posed by inertia in the US as opposed to adoption in Asia.
NOWHERE does he slam IPv6 - he seems rather happy about it, in fact.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
That's absolutly not true. IPv6 info @ Cisco. I quote: "In May 2003, the availability of Cisco IOS 12.3 Mainline that integrates the IPv6 feature set from 12.2(15)T enables production deployment for all Cisco based networks." Obviously routers have it. Linux has it as well, so its certainly not a MS only thing.
The problem with IPv6 isn't software or hardware -- it's politics and money. Theres no benefit to service providers to update their IPv4 setup to do IPv6 because they'd have to find some way to still talk to the "normal" IPv4 internet (because, really, who wants to get on an ISP that isn't on the internet?). Additionally, many many ISP's charge a premium on extra IP addresses. What makes you think that they want to ditch that income so you and I can each address our refrigerator from the supermarket to see how much milk is left?
Actually, many backbones have switched to IPv6 because ROUTING is FASTER on IPv6 than IPv4.
On this simple fact I assume that the author of this article just don't know what he is talking about. As for security and as for NAT (which is less secure than he even thinks it is, as a protection).
IPv4 has seen many, many security issues in the *recent* past btw (ISN Prediction anyone ? Spoof with any ip)
He also forgot that there are tunnels from ipv4 to ipv6 and from ipv6 to ipv4, effectivly adding compatibility. If someone is stuck with ipv4 somewhere on the globe, np, he setup a tunnel to ipv6 and none is stuck. Damn FUD, I say.
refs:
IPv6 FAQ
Routing
(IPv6 has less headers => faster routing
(Better QoS => more efficient network
(etc.)
The ocean parts and the meteors come down
Laid out in amber, baby.
They may have once been a reputable magazine, but since Bruce Journey took over, they are more concerned with selling magazines than quality reporting. Mr. Journey used to work for such rags as Time and TV Sports. When appointing Mr. Journey to lead Technology Review, William Hecht said:
Besides that, Technology Review is twice removed from MIT. They are run by the Association of Alumni and Alumnae of the Massachusetts Institute of Technology which is loosely associated with MIT.
I would really like to know why Slashdot keeps posting fantastical stories from that ratings-driven rag.
Actually, the government in the US is already planning IPv6 migration, and there are mandates for the DoD to go to IPv6 by 2008. Sure, that's a few years off, but it means that in the mean time there will be many pilot programs and gradual migrations. It is going to happen, and even if the corporate world lags, the gov't will be pusing it.
Don't worry, having IPV4 addresses as a sub-block of IPV6 addresses, dual IPV4/IPV6 hosts, and IPV6 protocol encapsulation was such a good idea that the designers of the IPV6 protocol decided to use it.
::203.131.45.99)
They even made it simple! If my IPV4 address is 203.131.45.99 my IPV6 address will be 0:0:0:0:0:0:203.131.45.99 (there's even an abbreviated notation for a V6 address which would just be
The likelyhood is that the migration to V6 isn't proceeding as fast as possible for political and financial reasons rather than technical ones.
The allocation of Class A networks is not the problem. There are still Class A networks that are marked as "reserved" and are not really being used. The inefficiency in the distribution of the networks is the problem.
If you are going to pick on Class A owners, then I think there are plenty you can pick on before MIT. HP owns both the 15 and 16 spaces (16 was DEC, bought by Compaq, and now owned by HP). GE, Halliburton, Xerox, Apple, BBN (x2), FoMoCo, Prudential, Eli Lily, and even the US Postal Service are all official owners of at least a Class A network.
The problem with NAT is that it breaks some protocols, eg FTP. The protocol says something like "My IP address is X, make a connection back to me.", but with NAT the computer reports its IP as something that's not a valid public address. That not only breaks some protocols, but you can use that to tunnel in past a firewall onto a private network in some cases.
The other problem is more aesthetic than anything... but it can be a problem if the NAT device is badly configured. Because it has to translate incoming and outgoing packets, the NAT device must track the state of the incoming and outgoing connections. This takes memory, and sometimes there's not really any way for the NAT device to tell when the connection has been severed. So it has to time them out, and this can result in connections evaporating without warning when the server and the client want them to stay open.
Fortunately, you can usually set this to something more reasonable with OpenBSD or Linux (or another BSD, Solaris, whatever). OpenBSD 3.4 with "set optimization conservative" waits 5 days. I've never had any problems with that, but it's tweakable if necessary.
When someone might yell at me, it has to be OpenBSD.
Assuming it is:
1. Cisco Routers suck at IPV6.
That's kind of an implementation issue rather than a protocol issue wouldn't you agree? If word gets out that Cisco Routers aren't providing bang for buck then there are always alternatives as you have suggested. If performance really matters then IT managers can argue the point that the corporate policy is outdated and has to change...
2. There are too many addresses.
Too many addresses is certainly a better situation to be in than not enough addresses I'd argue. Pretty much everyone in this thread that has had to deal with NAT has put forward that it's a deal with the devil: it's a just barely sufficient hack to a tricky problem.
3. IPV6 addresses are too large.
Extreme amount of memory to hold routing tables? Sure, if addresses were picked at random with no regard for the overall layout of the Internet. There's nowhere in the protocol specification that says all 64 network bits have to be used at once when rolling out. Give every ISP it's own separate chunk of the IPV6 address space to which it can portion out to it's customers, and routing may actually become easier, not harder. With 64 bits used for routing I'm sure every ISP in the world could have way more individual IP addresses than it could possibly need, and there would still be plenty of network prefixes left over. We as a community now have a lot more experience in dealing with address allocation issues than we did in 1970...
4. The IPV6 header is too large.
Oh, please. If you're worried about conserving a mere 20 bytes in each packet don't you think more would be saved by design superior compression schemes for when the data intensive applications like Voice, TV, Radio, etc become an integral part of the internet? Also, what's the difference today if a web page takes 40 seconds to load, or 41 seconds to load?
These aren't discussion points, the complaints are too trivial for that. I would hope that you put a bit more effort into research if I were the one reading your dissertation. IPV6 may not be perfect, so point out some REAL design problems if you're going to try.
In an act of good will in the mid 90s, Stanford (the only other school with a Class A network) gave theirs up. They did this for the greater good while knowing that it would leave MIT with bragging rights as the only remaining university with a Class A. Sometimes doing the right thing is more important than bragging rights. Even so, many of the geeks at Stanford thought it was a real tragedy. The other 50% of the sutdent body didn't even know there was a change.
Lasers Controlled Games!
IP version numbers Damn, this isn't lame, hope it isn't lame enough now.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
"The deployment of IPv6--the sixth version of the Internet Protocol" - 6th version? no it isn't, it's version 6.
:)
"Each about 500 bytes in length" - wrong, i can change my packets to 15Kb in size if i wanted, or even 512KB
"Versions 1 through 3 never made it out of the lab. Neither, for that matter, did Version 5." - right... he doesn't realize that ipv6 is just called that because of the 6 areas to insert a IP address: area1:area2:area3:area4:area5:area6. version 1, yes it does exist, this is my ipv1: 1345396058 (long ip).
"There are so many IPv6 addresses that humanity will never run out of them--never, ever." - never say never
"those routers don't have similar hardware that can route V6 in hardware: those packets have to be routed in software, which is a slower process." - all enterprise routers, which the Internet runs on, can have their roms changed, no changing of routers required
I also noticed one more flawed thing with his article, he talks about IPv6 coming, and going to be widespread, then at the end he makes it seem as if it isn't coming.
He seems to of sparsely researched how IPv6 works, thus, resulting in this really bad informative article.
Change is certain; progress is not obligatory.