Slashdot Mirror
MIT Technology Review Slams IPv6
PCM2 writes "In the MIT Technology Review, Simson Garfinkel, noted author of Internet security books, writes that "the next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure." His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 makes encourages 'peer-to-peer based copyright violation systems'; and of course, that the switch is never going to happen anyway (and yet, somehow, the United States is 'falling behind')."
...by David Weekly can be found here.
Good summary of CIDR and NATing adoption, too.
The Army reading list
These problems go away when every computer on the Internet really does have its own IP address--something that's impossible today with IPv4, but which is the raison d'etre for IPv6. In a world with IPv6 and without NAT, every computer in my house has its own unique IP address on the public Internet. That means my desktop can open up a peer-to-peer connection with my desktop at work, but it also means that my daughter can network her machine directly with some teenybopper P2P network in San Jose. Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Cisco routers support it, as do the routing stacks in Linux and the BSDs. If you would have read the article, you would have at least known Cisco routers support ipv6.
Cthulhu Saves.
Your statement that 'no routers have it' is quite simply a pile of rubbish; Cisco, Juniper, Foundry, and Nortel routers all support IPv6 in at least one version of code, if not multiple versions.
If by 'routers' you mean Linksys, Belkin, or D-Link, you really need to redefine your concept of the word.
i believe they have a full class a, right? so that's ~1/255th of the possible usable ip addresses on the internet? (not taking into account non-routable ip addresses)
I ssh over ipv6 all the time -- it's just like v4 but prints out a really ugly address the first time you connect.
Will I need to update my apt.sources file?
Probably not if your favorite apt servers support it as well. Most of the switching over is handled by DNS (which has had v6 support for quite a while).
IP layer stuff (OSI model layer 3) is transparent to the layers both above and below it; you can easily map IPv4 addresses (as well as DNS entries) onto IPv6 addresses as long as you have a protocol stack capable of parsing the IPv6 stuff. Nothing new.
/8's out there, that I imagine we could go on for at least another 3 before widescale implementation.
Remember people, IPv6 has been around in RFC form since December 1998 (5 years) - the adoption rate simply hasn't matched what was seemingly necessary.
Besides, ARIN isn't even close to full address depletion. There's so many spare
Damn,
with only 3 routers at the medium-sized business I work
for, this is going to cost us $187,500 !!!
No IPV6 for us
Maybe I read the wrong article, but I don't think he said that at all. The gist of the article is this:
1) I will define 'IP' for you now
2) This is why we need more Internet addresses (something above and beyond IPv4)
3) One problem with IPv6 is that no one uses it now. So the best thing to do is to make dual v4/v6 machines. But then you can never make v6 only because someone will always have v4. (wtf? 'we can never adopt v6 because we have not yet adopted v6'?)
4) NAT is super evil because its security is "a mirage"
5) The RIAA and MPAA will probably hate IPv6 because people can connect to each other more
6) IPv6 will only be introduced in the US when a government supplier wants it
I think that timothy must've posted this without reading the article itself -- or I've read the wrong article -- but the article author _NEVER_ says 'untested and therefore insecure', only talks about the increase in p2p applications as 'interesting' and likely to be opposed by the *AA, and the problems posed by inertia in the US as opposed to adoption in Asia.
NOWHERE does he slam IPv6 - he seems rather happy about it, in fact.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
That's absolutly not true. IPv6 info @ Cisco. I quote: "In May 2003, the availability of Cisco IOS 12.3 Mainline that integrates the IPv6 feature set from 12.2(15)T enables production deployment for all Cisco based networks." Obviously routers have it. Linux has it as well, so its certainly not a MS only thing.
The problem with IPv6 isn't software or hardware -- it's politics and money. Theres no benefit to service providers to update their IPv4 setup to do IPv6 because they'd have to find some way to still talk to the "normal" IPv4 internet (because, really, who wants to get on an ISP that isn't on the internet?). Additionally, many many ISP's charge a premium on extra IP addresses. What makes you think that they want to ditch that income so you and I can each address our refrigerator from the supermarket to see how much milk is left?
Actually, many backbones have switched to IPv6 because ROUTING is FASTER on IPv6 than IPv4.
On this simple fact I assume that the author of this article just don't know what he is talking about. As for security and as for NAT (which is less secure than he even thinks it is, as a protection).
IPv4 has seen many, many security issues in the *recent* past btw (ISN Prediction anyone ? Spoof with any ip)
He also forgot that there are tunnels from ipv4 to ipv6 and from ipv6 to ipv4, effectivly adding compatibility. If someone is stuck with ipv4 somewhere on the globe, np, he setup a tunnel to ipv6 and none is stuck. Damn FUD, I say.
refs:
IPv6 FAQ
Routing
(IPv6 has less headers => faster routing
(Better QoS => more efficient network
(etc.)
They may have once been a reputable magazine, but since Bruce Journey took over, they are more concerned with selling magazines than quality reporting. Mr. Journey used to work for such rags as Time and TV Sports. When appointing Mr. Journey to lead Technology Review, William Hecht said:
Besides that, Technology Review is twice removed from MIT. They are run by the Association of Alumni and Alumnae of the Massachusetts Institute of Technology which is loosely associated with MIT.
I would really like to know why Slashdot keeps posting fantastical stories from that ratings-driven rag.
Actually, the government in the US is already planning IPv6 migration, and there are mandates for the DoD to go to IPv6 by 2008. Sure, that's a few years off, but it means that in the mean time there will be many pilot programs and gradual migrations. It is going to happen, and even if the corporate world lags, the gov't will be pusing it.
Don't worry, having IPV4 addresses as a sub-block of IPV6 addresses, dual IPV4/IPV6 hosts, and IPV6 protocol encapsulation was such a good idea that the designers of the IPV6 protocol decided to use it.
::203.131.45.99)
They even made it simple! If my IPV4 address is 203.131.45.99 my IPV6 address will be 0:0:0:0:0:0:203.131.45.99 (there's even an abbreviated notation for a V6 address which would just be
The likelyhood is that the migration to V6 isn't proceeding as fast as possible for political and financial reasons rather than technical ones.
The allocation of Class A networks is not the problem. There are still Class A networks that are marked as "reserved" and are not really being used. The inefficiency in the distribution of the networks is the problem.
If you are going to pick on Class A owners, then I think there are plenty you can pick on before MIT. HP owns both the 15 and 16 spaces (16 was DEC, bought by Compaq, and now owned by HP). GE, Halliburton, Xerox, Apple, BBN (x2), FoMoCo, Prudential, Eli Lily, and even the US Postal Service are all official owners of at least a Class A network.
The problem with NAT is that it breaks some protocols, eg FTP. The protocol says something like "My IP address is X, make a connection back to me.", but with NAT the computer reports its IP as something that's not a valid public address. That not only breaks some protocols, but you can use that to tunnel in past a firewall onto a private network in some cases.
The other problem is more aesthetic than anything... but it can be a problem if the NAT device is badly configured. Because it has to translate incoming and outgoing packets, the NAT device must track the state of the incoming and outgoing connections. This takes memory, and sometimes there's not really any way for the NAT device to tell when the connection has been severed. So it has to time them out, and this can result in connections evaporating without warning when the server and the client want them to stay open.
Fortunately, you can usually set this to something more reasonable with OpenBSD or Linux (or another BSD, Solaris, whatever). OpenBSD 3.4 with "set optimization conservative" waits 5 days. I've never had any problems with that, but it's tweakable if necessary.
When someone might yell at me, it has to be OpenBSD.
IP version numbers Damn, this isn't lame, hope it isn't lame enough now.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf