MIT Technology Review Slams IPv6
PCM2 writes "In the MIT Technology Review, Simson Garfinkel, noted author of Internet security books, writes that "the next version of the Internet Protocol, IPv6, will supply the world with addresses by the trillions. Too bad it will also make the Net slower and less secure." His article goes on to explain that all IPv6 code is untested and therefore insecure; that IPv6 encourages 'peer-to-peer based copyright violation systems'; and of course, that the switch is never going to happen anyway (and yet, somehow, the United States is 'falling behind')."
...by David Weekly can be found here.
Good summary of CIDR and NATing adoption, too.
The Army reading list
Is this article technical or is it political? It sounds as if it might be better suited for the opinion pages.
MIT is one of the great hogs of current IP addresses, maybe if issues like this were addressed no new system would be necessary.
vampirical
Well sure the ipv6 code isn't as tested as ipv4 and might be insecure at first... But did that stop the internet from being built on ipv4? It's a stupid argument against upgrading to a new technology.
Cthulhu Saves.
IPv6 is native in Windows XP as a module.
It's just not active in...........anything else. No routers have it. No providers have it.
I dunno what the problem is, but if MS can beat it to market, there's something wrong.
Sure, they're not exactly the most honourable or squeaky clean businesses on the planet, but they sure as hell are the most popular.
0110100100100000011000010110110100100000011000100
All this talk of IPv6 has got me thinking about its possible effect on existing internet tools like ssh, ftp, telnet and apt-get. Will their normal functioning be affected at all by the increased address space and QoS provisions in the protocol? Or are these changes totally transparent to pre-existing apps, which will only need to be re-written to take advantage of the extended functionality? Will I need to update my apt.sources file?
security and functionality over speed. Speed will catch up, eventually. doing NAT everywhere sucks. If speed is the biggest con, then, well, there is no con.
and of course, that the switch is never going to happen anyway
Oh, whatever. Tell that to people when we are finally no longer able to effectively manage the IP addresses that we've run out of.
The coolest voice ever.
The result of this decision made nearly 30 years ago is that the Internet simply cannot handle more than 2^32 or 4,294,967,296 devices.
I thought we were running out of /20 assignment blocks, not addresses.
Of course if you increase the number of assignment blocks, routers will need more memory and we're back to the same reason no one will route a /28 anymore except the IPv6 approach ends up using 4x the memory for each address.
Hey MIT - do you really need/use all 16.7 million IPv4 routable addresses you have? Why not share a few?
Don't blame me, I voted for Kodos
Interesting... The author slates NAT for being an easy security option, causing firewalling problems and not letting each device have its own IP. Then he seems to fail to mention that letting each device have its own IP opens up a whole host of possible attacks. Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT?
1) Install the Longhorn pre-beta, build 4096 ...by default(!)
2) Start > Run > cmd
3) type ipconfig
4) notice that it tries to get IPv6 address
I have an ipv6 tunnel set up cuz I'm a geek but I still can't figure out what to do with it?? Help!
Sig: BEEeeeP,,Please press pound, so I can get on with my fucking life!
Damn,
with only 3 routers at the medium-sized business I work
for, this is going to cost us $187,500 !!!
No IPV6 for us
Walker sees NAT as encroaching oppression by the "powers that be", whereas Garfinkel seems to take the "powers that be" point of view! Simson how you've changed!
In fact, Walker is skeptical that even IPv6 could promote "consumers" back to "peers":
One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.
I think that admins will find themselves not bothering with IPv4 for individual things at their site when they find themselves out of IPv4 addresses for less-critical things.
For example, pretend it's 2008 and IPv6 is commonplace. You have a IPv4 /28 from your provider. You also have an IPv6 /48. The /28 has been fully allocated since 2006. Your www.yourcompany.com server will have an ordinary A record pointing IPv4 users at it for a long time yet, but what's your plan to let people on the outside get to your [insert-not-entirely-mission-critical-thingy-here] server (that happens to work with IPv6)?
It's an even easier decision if you, as a home user, get a single static IPv4 address for your DSL line as well as an IPv6 /48.
"It will be the biggest, the most drastic, and the most comprehensive change to the underlying structure of the Internet in more than 20 years. "
I'd love that thought applied to space.. It's so confusing, and hard to do, we should tuck our tail between our legs and run! This change will happen one router at a time.. correct me if I'm wrong.. but I do believe IPv4 addresses will coexist with IPv6. And let's face it.. for the most part, this will be done by highly experienced techs at the ISPs, and filter down to very experienced end users at business. Dialup and High Speed users could use IPv4 for ages sitting behind their ISP's big gateways.
"The deployment of IPv6--the sixth version of the Internet Protocol--will be a massive undertaking that will require the reconfiguration of more than 100 million computers."
It's not like this will happen overnight.. and one day all the end users (hi mom) will have to become IPv6 Gurus. Once again, we're back to.. It's hard.. let's run away.
"But when the IPv6 rollout is finally done, not all the effects will be positive"
Argh.. this guy bugs me.. He seems to totally forget about the evolution of software.. Of course it'll be slow at the beginning.. then some company like Nortel will put it all into a hightech ASIC chip.. and we'll leave IPv4 in the dust. For each of his arguments.. there's a swell counter argument, that's never far from reach.
Faz
-=-Ze End-=-
Quote: "Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever."
I bet they said that when IPv4 was invented.
This sig is in Spanish when you're not looking....
"Japan, China and South Korea will jointly develop the next-generation Internet technology IPv6, aiming to have the global standard for the technology set in Asia, the Nihon Keizai Shimbun reported yesterday.
US firms now dominate the market for equipment like routers that serve as the infrastructure for the current IPv4-based Internet.
By working together, the three countries aim to take the lead in developing technologies for a world in which all equipment is connected to the Internet"
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
But if IPV6 is 'untested', as he says, how can he be so sure it won't float?
Let it be tested and then we'll know.
There is absolutely no security requirement! Security is supposed to be applied in other layers, with SSL and stuff running on top of an assumed unsecure link.
It would be *nice* if there was better encryption support at low levels, to overall prevent information leaking, but even total lack of such features would mean no step back from IPv4.
Simson's right in denying IPv6's short-term inevitability, but he's still being too easy on it! IPv6 is just plain dumb. He should say it.
IPv6 creates much larger headers, so there's more overhead, particularly, as a percentage, on short packets (voice, ACK's, etc.). So it'll waste bandwidth, or lower effective throughput on fixed bandwidths. We need this? It is not even using its 128 bits efficiently. The general approach is to use the top half to identify the network and the bottom half to include the 48-bit MAC address of the computer. That was a clever hack in 1985 when proposed for DECnet Phase V (which never caught on) and became an approach in OSI CLNP. But that was not for a public spammer-ridden insecure Internet. Now it is a security and privacy hole to do that. It also means the 128 bits are not used efficiently -- we are tight with 32 bits, but an address for every atom?
IPv6 also does nothing for QoS (ignore the hype, which is based on a misunderstanding) and nothing for security (IPsec works just fine with v4). It just wastes bandwidth. So it does something for, oh, MCI. No wonder Vint (the Chauncey Gardner of the Internet) likes it! And Sprint, AT&T and VeriZontal. Great.
IPv4 could use a decent replacement some day, but IPv6 is everything you don't like about v4, and more. Eccch. A dozen years since it was "adopted" and it's gone nowhere, for good reason. The Asians weren't so involved with IETF at the time, to know the messy politics behind it. And btw the whole thing about their not having addresses is false; there is plenty of space left in the IPv4 space waiting to be allocated where needed. China can have more, as they provide more and more spam relays for the h3rb@1-v14gr4 crowd.
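The privacy point in the comment above (a 48-bit MAC address carried in the low half of the address), as an added example that is not part of the original thread. It assumes modified EUI-64 interface identifiers (`ff:fe` inserted in the middle of the MAC, universal/local bit flipped); the function names are hypothetical and every address is constructed from documentation and link-local prefixes.

```python
import ipaddress

# Constructed sample inventory; none of these are real hosts.
SAMPLE_ADDRESSES = [
    "2001:db8:1:2:211:22ff:fe33:4455",     # EUI-64 from MAC 00:11:22:33:44:55
    "2001:db8:beef:9:211:22ff:fe33:4455",  # same NIC seen on a second network
    "2001:db8:1:2:5c3a:91e0:7b2d:0f44",    # random-looking interface ID
    "2001:db8:1:2::10",                    # manually assigned
    "fe80::a8bb:ccff:fedd:eeff",           # link-local, MAC aa:bb:cc:dd:ee:ff
]


def slaac_address(prefix, mac):
    """Build the address a host would form from a /64 prefix and its MAC
    using a modified EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs require a /64 prefix")
    m = bytes(int(octet, 16) for octet in mac.split(":"))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC")
    # Flip the universal/local bit, insert ff:fe between OUI and NIC part.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def embedded_mac(addr):
    """Return the MAC recoverable from an address, or None.

    Heuristic: a randomly generated interface ID contains ff:fe in this
    position about once in 65536 cases, so a hit is strong evidence of
    EUI-64 but not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Group addresses by the MAC they expose.

    A MAC that shows up under several prefixes is the tracking problem:
    the interface ID follows the device from network to network.
    """
    exposed = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is None:
            continue
        prefix = str(ipaddress.IPv6Network(addr + "/64", strict=False))
        exposed.setdefault(mac, []).append(prefix)
    return exposed


if __name__ == "__main__":
    for mac, prefixes in audit(SAMPLE_ADDRESSES).items():
        note = "correlatable across networks" if len(prefixes) > 1 else ""
        print(mac, prefixes, note)
```

Hosts that use temporary or otherwise randomized interface identifiers (the privacy extensions of RFC 4941) fall into the `None` case, which is what an inventory audit would want to see for client machines.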
Typical American Ethno-Centric viewpoint.
We'll *HAVE* to move to IPv6 when the third world finally gets connected! China 1+ billion people.. India 1+ billion people.. it starts to add up!
Americans.. a whole world exists outside of your borders you know.
-=-Ze End-=-
nobody will ever need more than 640 IP addresses.
Garfinkel says IPv6 has problems, but "NAT is really the devil".
"the apparent security that NAT provides is a mirage"
He says "NAT's one-way fence makes it harder for...Kazaa, but it's also a problem for Internet telephony and the next generation of multimedia groupware applications."
He concludes that sadly, IPv6 will be a long time coming.
Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever.
HAHAHAHA! Thank god for IPv16. We have enough IPs to assign 16 billion IPs to every cubic picometer of the planet. humanity will never run out of them--never, ever.
Actually, many backbones have switched to IPv6 because ROUTING is FASTER on IPv6 than IPv4.
On this simple fact I assume that the author of this article just doesn't know what he is talking about. As for security and as for NAT (which is less secure than he even thinks it is, as a protection).
IPv4 has seen many, many security issues in the *recent* past btw (ISN Prediction anyone ? Spoof with any ip)
He also forgot that there are tunnels from ipv4 to ipv6 and from ipv6 to ipv4, effectively adding compatibility. If someone is stuck with ipv4 somewhere on the globe, np, he sets up a tunnel to ipv6 and none is stuck. Damn FUD, I say.
refs:
IPv6 FAQ
Routing
(IPv6 has less headers => faster routing)
(Better QoS => more efficient network)
(etc.)
I'm not really sure where to look for the answer to this, but I'll give it a shot. To me, it seems like a lot of migration worries stem from the fact that the IPv4 and IPv6 address spaces are different. Wouldn't having a system where a subblock of 4billion ipv6 addresses mapped directly to the same 4billion ipv4 addresses help people migrate toward IPv6? That way, in the transitional period between v4 and v6, if I try to connect to a ipv6 address that maps to an ipv4 address, a smart networking stack would be able to retry the connection using v4 if the v6 address doesn't respond.
I hope that kinda makes sence(sp?)
-Bucky
Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
I have no strong opinions on the technical merits of IPv6 but I want to address the above statement, and the (IMHO) wrongheaded mentality behind it.
Why should the fact that these monopolistic groups oppose new, useful technologies, lead anyone to the conclusion that those technologies should be abandoned? Shouldn't we rather abolish the MPAA and RIAA?
When the light bulb was invented, did anyone argue we should abandon it because the candlestick industry would oppose it?
The truth is that new digital technologies are making "content" businesses like those represented by the *AA's obsolete. There is no benefit to society to engage in costly, counterproductive and futile "wars" against P2P and other useful new technologies in the name of enforcing "intellectual property" laws created in a different era that now benefit only special interests and not the public interest.
Ummm... MOST Windows users? Virtually EVERYONE? Look at the figures, dude. That's exactly what people do -- even some businesses do it.
I don't know about linux or the unixes, though.
It's not a matter of ability, but of adoption (no-one's using it, though most os's support it)
"Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT? "
MIT gives all machines a public IP address. When my company was working with them, it took awhile for our people to even believe it. I remember trying to explain to the programmers that this is actually how the internet was designed to work.
It's odd hearing people complain that without NAT, machines are insecure. While you get stateful firewalling for free with NAT, stateful firewalling without NAT is even simpler, so dumping NAT isn't exactly a security risk.
Maybe MIT feels guilty for hogging a whole fscking class A, so they do their damndest to use as much of it as possible.
Assembly is the reverse of disassembly.
Yet another example of how America is sticking its head in the sand, and opening the way for serious countries to become the new world powers.
I don't understand the point you are trying to make.
We are running out of IP addresses. So we are going to switch to a new standard to get more.
How does that translate to ethnocentrism?
Is this guy high!?! He's claiming that the (MP|RI)AA will be against IPV6 because it allows more people to share their content via P2P just because people won't have to be NATd anymore?
HELLO! That's like blaming the car manufacture because some guy was talking on the phone and slammed into a bus load of 1st graders. The car had nothing to do with it, it was the jackass on his cell phone!
It's the same analogy that's been used with P2P now. Just because some people trade illegal content on Kazaa doesn't make Kazaa as a whole illegal. I think this guy needs to get his facts straight.
Simson Garfinkel is an incurable gadgeteer, an entrepreneur, and the author of 12 books on information technology and its impact
Translation: he's old and new technology scares him. He writes books about technology because he doesn't actually understand it. Describing P2P networks as being "for teenyboppers" is quite insane, he must have never tried to download anything large recently (especially given the maturity of solutions like BitTorrent for free software / content distribution - even NASA used it to release their Magellan rover software to the public). This guy should retire and stop his "THE SKY IS FALLING" shriek of panic. Suggested activity: gardening.
He also has absolutely no suggested *solutions* to the problems that he pretends exist. It's not as if IP6 is going to be any less traceable than IP4, nor will it magically create problems that didn't already exist. People are still going to want to firewall off networks under IP6 - in the same way that IP4 can be firewalled off - but this will be done without NAT.
Just because a protocol is "new" doesn't automatically mean that it's a danger. I have to wonder if this guy has never bought any new software in case the CD is so new that it's infected with the Ebola virus. Which makes no sense. Yes, corporations typically hold off adopting new products till version 1.1 or 2.0, but there's no point condemning the early adopters to insecurity hell before IP6 has been rolled out to the public.
Next he'll be complaining about kids and their music... why in his day there, etc, blah, blah.
Everyone seems to be switching from Linux 2.4.x to 2.6.x
Now we're going from IPv4 to IPv6
What the fuck do you people have against the number 5?
--I don't want the world, I just want your half.
But still a bit harsh on IPv6....
As to the notion of never running out of address space 'never, never' as he puts it, I wouldn't be so sure. The 32-bit address space provides 4.2 billion addresses. With that in mind, we are much nearer to exhaustion than current usage would dictate. It is all about the allocation, and if sloppy allocation occurs, the 128-bit address space of IPv6 could be exhausted too. For example, the architecture of current implementations makes it so that the smallest subnets anyone will likely allocate are 64-bit networks, and use MAC addresses (or something else, but still 64-bit, because it's easy), so immediately you take the address space down tremendously. Still should be well more than enough for everyone on earth to have a /64 network, but it has yet to be seen whether certain organizations might, for the hell of it, get allocated /8 networks because they can. As near as I can tell, the high 16 bits seem to be somewhat protected, but you never know what will happen. If there is a grab for /8 networks among big players, you have the same problems that IPv4 has today.
As to security implications, it is true that implementations will be for the short term future less tested and therefore likely to contain critical flaws, but still IPv6 code is receiving a fair amount of testing, and critical flaws will not be quite so devastating as you may think, no more than an Apache, Linux Kernel, or MS security exposure, which we have seen all of in fairly recent history without the sky falling.... Of course the wrinkle in this is a lot of the 'home router' concepts that happen to protect common home systems will cease to provide that protection. They provide NAT features, therefore masking to an extent the system behind the device. Despite what the author says about NAT being bad because it doesn't protect against things like browser exploits and physical intruders, NAT is on the level of firewalling in terms of protection. Any reasonable network security person will realize that browser exploits, email worms, and physical intrusion must always be kept in mind, and it has nothing to do with NAT or firewalling. NAT remains effective at, for example, fending off web server and rpc attacks from unsuspecting or experimenting workstations. If NAT goes away (hopefully), people need to be mindful of good old firewalling strategies. Implementations are maturing (experimental ip6tables implementation, for example, is approaching closely the ipv4 iptables featureset). If cable/dsl 'routers' revert to hubs in a wealth of addressing, I expect either cable/dsl 'firewall' devices or increased ISP vigilance to deal with the more widespread system exposure.
All that said, I like IPv6 (my desktop, gateway, and laptops are using IPv6 and each have public IPv6 addresses, keep NAT on IPv4 on some systems), but I (and everyone else) have been waiting and watching a long long time and no encouraging migrations are yet to be seen, and I doubt the near future will bring any incentive to push such a change.
XML is like violence. If it doesn't solve the problem, use more.
hmm.. even when we go extrasolar as a species?
every day http://en.wikipedia.org/wiki/Special:Random
People can write XHTML code, but until web authors start to tell their web servers that they are sending XHTML then the UA will just get tag soup.
The moral is: Using a technology is worthless unless you implement it correctly. ... That and most people are still better off with HTML 4.01 Strict anyways.
This whole thing is moot with regards to Internet Explorer since they still haven't gotten around to supporting the line in XHTML documents yet, nor do they support the various xhtml mime-types.
Heh heh, you said 'bridge' in a discussion about IPv6. Funny, that.
Escher was the first MC and Giger invented the HR department.
Ever wonder why only Americans complain about IPv4?
Isn't it funny how Asian nations, which you ignorantly claim have so many IPv4 addresses available, are the principal backers of IPv6 right now?
Don't feel bad -- most people are incapable of believing in any problem that doesn't affect them personally.
File under 'M' for 'Manic ranting'
First of all, don't take it as a given that we will go extrasolar ever. It's also quite possible that we will be (largely) killed by an asteroid or nuke ourselves into oblivion.
Second, unless the universe is an awful lot bigger than physicists think, the prospects of having more than 2^128 devices seem pretty dim. Heck, there's probably not enough energy in our galaxy to make that many devices, so...
I hereby place the above post in the public domain.
The author should probably reread "Lisp: Good News, Bad News, and How to Win Big" IPv6 is probably not an engineer's wet dream, but I think it's probably the future. In the 80's Symbolics made these wonderful highly configurable workstations that used LISP as the assembler. Unfortunately, they cost about ten times as much as the new "Personal Computers" and needed highly trained, highly paid programmers. How many /.ers are reading this on a Lisp Machine?
This seems like such an American view here, "We own 3 billion of the 4 billion addresses, we won't ever run out so why should we care about the rest of the world..."
Anyone know what the adoption rate of IPv6 is for the major broadband ISPs? TimeWarner/Comcast, etc?
What with Win95 being EOL'd, a fair number of them will be upgrading to Windows XP (or Linux, OK?) with its built-in support. Maybe the best approach would be from the bottom up?
Chip H.
It went the way of netscape 5.
find / -name "*.sig" | xargs rm
Well, you know what? You don't move to IPv6! You add IPv6. You can still keep your IPv4 connection. Then you can start adding IPv6 support to each protocol and application, one at a time. You can and will still be fully IPv4 compatible. You'll just allow yourself to use IPv6-only services and make it possible for you to set up new new IPv6-only services even though you've run out of IPv4 addresses.
I'm not sure at all.
The IPv4 addresses are inefficiently distributed. MIT for instance has 16.7 millions of them. IBM too.
Entire classes of addresses are reserved for things we don't REALLY use like multicast and so on.
Plus we now have NAT and CIDR that help save some addresses.
I bet we could use IPv4 for 20 more years. IPv6 is too complex, bulky and inefficient.
I studied it and the fact that MAC addresses are in it blows me away.
Aren't the IP addresses a logical layer that prevents problems when you change a NIC? If each time you change your NIC you have to change your address I foresee lots of trouble here.
And 128 bits addresses, okay, but entire classes are already wasted (multicast, network IDs, etc) and in the long term we could run into the same problems!
Anyway it's too expensive and slow for the moment. Nobody wants to pay 1 million dollars for the last Cisco router with IPv6 where the one we bought last year for another million is working just fine.
Why not just add an extension to IPv4 if we really need these addresses ? I know it has a lot of flaws but hey, why change EVERYTHING ?
Iraq: war to save the U
Is this like: "I think there is a world market for maybe five computers."?
What *if* molecular nanotechnology takes off? Humanity then decides to build a large space based object, which will be built by a massive number of 'replicators', each working within a 100nm per side cube. (Raw material will come from a passing asteroid.) It is decided that each replicator is to be individually addressable. The number of IP addresses required is then (<linear size>^3)/((100nm)^3). 2^128 addresses will be required to build a 700km cube.
Sure this is far fetched, and there are lots of other technologies which need to be invented before something like this can happen, but lots of today's things were far fetched in recent history.
"Five is RIGHT OUT!"
1. "Twelve Days of Christmas:" you get 6 "geese a laying" & 4 "calling birds," but 5 expensive "gold rings." You can shoot the birds. ;)
2. 5 is not an even number: it makes slow people stop thinking when they try to divide it.
3. A family of 5 usually means 2 parents & 3 children: nobody wants to be the middle child.
Life is irony, and nothing ever goes as planned.
There has been a natural fear among engineers that using the number 5 could result in a technology becoming self aware and ruining it for everyone.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Right now.
As far as IPv6 security goes, I'd like to see the new and interesting worms and network scanning utilities that can scan such a huge number of addresses, 4 billion addresses wasn't a difficult feat for programs that simply scanned incremented octets in IPv4, but now we have a lot more address space to slow such things down... this could just as easily be a problem though, imagine blacklisting a network from a spammer... oh darn, looks like they just need to find another billion addresses to randomly use.
the U.S. Department of Commerce recently set up a task force to look at the issue, since it's widely believed that IPv6 will be more secure than IPv4 thanks to its use of IP-level encryption.
More secure?
Does this mean everyone who promotes IPv6 would be considered a terrorist?
IPv6 sucks. Not because it doesn't work, but because it is designed to do too much.
...but too bad. Now we have a Godzilla of a protocol being speced by people in the marketing department.
The substantial increase in overhead in every packet increases traffic without increasing data being transfered.
The substantial increase in overhead at the router level to deal with all the added "functionality".
But let us discuss the rationale for doing it at all: The increase in available space is nice all by itself, and could be accomplished, again, all by itself, by simply increasing the number of octets in the address.
Rather than a "dotted quad", how about a "dotted sextet"? 65.188.192.168.4.4
That is in fact what I thought "v6" meant when I first heard about it. A simple and direct improvement in the one place where it could serve to be improved.
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
IIRC, MIT has a class B IP range, meaning it has 255^3, or 16,581,375 IP addresses. while China and South Korea--with a combined population of more than 1.3 billion--have been allocated 38.5 million and 23.6 million respectively. Does that sound unfair to anyone? MIT having 6139 students, plus faculty and staff, compared to China having over 1 billion people. China as a whole barely has over twice what MIT has in IP allocation, while having 160,000 times more people. I believe this is a biased, pointless article, written by a moron who does not realize the enormity of what he's saying. Many Asian countries are literally running out of IP addresses, and he's complaining about "lack of security", and thinks that no routers support IPv6 (Pretty much ALL Cisco routers support IPv6 flawlessly.) This man does not know what he's talking about.
got sig?
Every planetary system gets one IPV6 address. Problem solved!
There's so much wrong with Garfinkel's "review" of IPv6 that I won't be reading his security books. Meanwhile, at the SpeakFreely RIP (repost) thread, the NAT bashers get poked pretty hard.
--
make install -not war
No, that's Simson and Garfinkel. Get your facts straight!
Of course the speed of light might make a different specification necessary anyway.
Assuming it is:
1. Cisco Routers suck at IPV6.
That's kind of an implementation issue rather than a protocol issue wouldn't you agree? If word gets out that Cisco Routers aren't providing bang for buck then there are always alternatives as you have suggested. If performance really matters then IT managers can argue the point that the corporate policy is outdated and has to change...
2. There are too many addresses.
Too many addresses is certainly a better situation to be in than not enough addresses I'd argue. Pretty much everyone in this thread that has had to deal with NAT has put forward that it's a deal with the devil: it's a just barely sufficient hack to a tricky problem.
3. IPV6 addresses are too large.
Extreme amount of memory to hold routing tables? Sure, if addresses were picked at random with no regard for the overall layout of the Internet. There's nowhere in the protocol specification that says all 64 network bits have to be used at once when rolling out. Give every ISP its own separate chunk of the IPV6 address space to which it can portion out to its customers, and routing may actually become easier, not harder. With 64 bits used for routing I'm sure every ISP in the world could have way more individual IP addresses than it could possibly need, and there would still be plenty of network prefixes left over. We as a community now have a lot more experience in dealing with address allocation issues than we did in 1970...
4. The IPV6 header is too large.
Oh, please. If you're worried about conserving a mere 20 bytes in each packet don't you think more would be saved by designing superior compression schemes for when the data intensive applications like Voice, TV, Radio, etc become an integral part of the internet? Also, what's the difference today if a web page takes 40 seconds to load, or 41 seconds to load?
These aren't discussion points, the complaints are too trivial for that. I would hope that you put a bit more effort into research if I were the one reading your dissertation. IPV6 may not be perfect, so point out some REAL design problems if you're going to try.
In order for the general internet to function primarily off of IPv6 (and actually see the benefits), there are several things that would have to happen:
1. Most major firewall vendors would have to support it;
2. Load balancing vendors would have to support it;
3. Cache vendors would have to support it;
Home-based router vendors would have to support it;
4. IT administrators would have to understand it (they barely understand IPv4, forget about IPv6);
5. Major co-location facilities would have to offer IPv6 support on the network connectivity; and
6. The majority of hardware and software running on network devices would have to be versions that support it (which isn't the same as that the vendors support it).
Fact: Most vendors of firewall products have only recently announced support in their flagship products for IPv6 functionality. Only when the majority of users actually use versions that support IPv6 will there be critical mass.
Fact: most load balancing systems don't support IPv6.
Fact: Most routing products sold today for edge use don't support IPv6, and will probably never support it.
Fact: Consumer and even general business ISPs don't provide IPv6 support for connectivity.
IPv6 is akin to multicast Internet access: It is available in a few places, some networks can and do use it, some network hardware vendors support it, but as a mainstream technology that people everyday encounter, it will never be widespread (or won't happen in a LONG time). Predictions of it happening in this decade are way too optimistic, and if it does, then it could easily trigger a buying spree for network hardware that supports it of the like we have never seen, and network equipment stocks will probably explode through the roof. I don't feel this will happen though.
I have IPv6 from my ISP. It's enabled by default for every one of their clients, and has been for more than 2 years. Most of the other small providers in Europe are now offering it standard, and I have talked with one large telco who will be trialing it this year, for a rollout before a big marketing push in September.
I have my own /48 block of IPv6 at home. All my machines speak it, Solaris, Mac, Windoze, BSD, cisco, Nokia, Ericsson. My firewall filters both IPv4 and IPv6 with no problem, the rulesets are quite similar. With autodiscovery, router advertisements, and all the other cool protocols built into the IPv6 specs, adding a new machine means it just works.
But as the whingey Garfinkel points out, the U.S. is very much behind the curve in IPv6 rollouts. Typical corporate American incompetence.
As for routers, all real routers have it. It takes more effort today to get a cisco router without IPv6, because all the machines being delivered recently come with a version of IOS which has IPv6 installed. Just waiting for a Cisco Certified Button Pusher to configure it correctly, and bob's your uncle.
While typing this response, I ran some statistics on web servers I manage. Approximately 5% of the traffic was IPv6 during the month of December, up from about 2% last June. That means that 5% of the PCs out there have IPv6 enabled, connected to an ISP offering IPv6, and are using an IPv6 capable browser like mozilla or IE6.
the AC
Hemos is like... sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
IANARIAAR.
threat IPv6 is to their police actions
The RIAA would like to make it clear that it never pretended to be the police. Any misunderstanding is the fault of MIT or the author. They will be dealt with accordingly.
You can't judge a book by the way it wears its hair.
I went through the entire current posted responses, and I'm surprised people missed mistakes that - in the words of my girlfriend - must mean that the author was simply having a bad day and couldn't be writing this as a serious article.
The most important thing that IPv6 does is quadruple the size of the Internet address field from 32 bits to 128 bits.
Quadruple? 2^32 * 2 != 2^128. In fact, there is a very distinct difference. I would hope a writer for the M.I.T. Tech Review would know the difference.
One transition strategy calls for most computers to simultaneously have both IPv4 and IPv6 addresses. The problem with this approach is that there's never a good time to have people start deploying systems that are only V6--that's because somewhere, somebody is going to have a machine that's V4 only, and they won't be able to communicate with you.
This is so horribly backwards, he must be joking. One of the points of IPv6 is that IPv4 can be routed within and through it. (vice versa too, but let's assume we're talking about an all v6 net) The real worry would be when someone created a v6 only site that some v4 person wouldn't be able to address.
Ugh. I think IPv6 upgrade path will be similar to analog and digital cell phones. They're still able to route to each other, and the improved features and quality of connections have caused people to leave older analog phones. The older phones still have better coverage; but, the newer phones are still able to switch to analog mode if necessary.
Problems with a v6 peer not being accessible to a v4 peer aren't too worrying to me. The same technologies enabling Akamai and NAT will almost certainly solve that.
One obvious solution is an automated DNS -> TCP/IP forwarding service:
Amy is cute.
Let's take my network. I use 192.168.0.xxx and 192.168.1.xxx. The class b 0 subnet is for servers, 1 for random machines. Makes my firewall rules a little cleaner to read (nothing routes to .1).
So I decide to use VPN software to connect to my office, which uses vpn software too. Now how do I connect to any of the machines on the 192.168 blocks on either side?
Worse yet, what if I want to add a second vpn? IPv6 solves this by giving everything an ip.
So what of the NAT provides network security issue? Simple. Accept all traffic on one nic for an ip address, and bridge it out on the other nic. Between the two nics, your CPU comes into play, where a process (the kernel, ipfw, ipf, pf.. something) takes in the traffic of one and limits output to the second.
So tell me.. where's the security problem?
-
ping -f 255.255.255.255 # if only
I still think re-working the way people think about IP addresses will solve more problems.
E.g. Your toaster doesn't really need a public IP does it? [or your cell phone for that matter].
Good use of NAT can solve all of these problems...
There is no reason why certain companies/schools have millions of addresses each. Plain and simple.
Tom
Someday, I'll have a real sig.
I saw the user name and thought it might be a troll, but I was bored and thought I'd reply anyway. :)
The fact that the original comment got modded up to +4, 70% Interesting and 30% Insightful is what really amused me.
You seem to have read what you wanted to into the article rather than what was written.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
The Tech Review was right, 32 * 4 = 128. Note that they said the size of the Internet address field (number of bits), not the number of addresses.
We all know the rollover to v6 will be costly both in terms of actual new equipment bought and the time to test and install new software. Oh well.
I'm not a network guru like a lot on here but to me, the lay person, the IPv4 issue sounds a lot like the Y2K problem. Just another problem caused 30 years ago because the fast paced spread of the technology wasn't foreseen.
Eventually we are going to have to face up to the fact that we NEED more IPs and something will have to be done. It's better to suck it up and get it done early so let's get moving! Looks like Japan and China are doing it. Why the hell can't we?
New software contains new bugs. Hardware upgrades are expensive. NAT is not a magic bullet.
Does this man write a regular column called "The Obvious"? He should.
Nothing worth doing is worth doing today.
You pick up the goatse.cx! --More--
The goatse.cx welds itself to your hand! --More--
You feel stupid! --More--
The Slashdot Moderators are after you!
With 128 bits of address space, why not drop the port altogether? No more port assumptions when taking a DNS name plus a URI.
The big bonus: you can migrate services very easily, since a socket owns the whole address. Currently this is very kludgy in IPv4. Process migration would get much simpler with the network socket thing out of the picture.
20 bytes overhead is not "mere" when it's part of every single packet, with trillions or quadrillions of packets sent every day
It's hard to be religious when certain people are never incinerated by bolts of lightning.
All my machines speak it, Solaris, Mac, Windoze, BSD, cisco, Nokia, Ericsson.
;)
Ah, but do they run Linux?
All I gotta say:
nslookup 18.244.1.102
or
dig -x 18.244.1.102
-- Note: If you don't agree with me, don't bother replying. I won't read it.
all foreseeable security holes have been patched
... "foreseeable". That is the point right?
Yes, but
/more sleep
/more caffeine
/more expensive crack
It took reading the slashdot blurb three times before I did not see Simon & Garfunkel.
Visit CryptoGnome in his home.
Today's Internet uses IPv4, the 4th version of the Internet Protocol. (Versions 1 through 3 never made it out of the lab. Neither, for that matter, did Version 5.)
No. Third version of the networking protocol (NCP was the first, in use til '83, then ipv4). Simply that when they needed a new protocol number, the first 5 had been used already. 5, if I remember correctly is ST/ST2. Seems like the earlier numbers are weird multicasting experiments and such (not to be confused with IP protocol numbers, where 6 is TCP).
How am I supposed to read this garbage, when he can't even get that right?
Wow.. so you're telling me that before IPv4 was around, the load balancing systems, routing products, and consumer and general business ISPs, and all those other folks you talked about, they all provided support for it?
No? They didn't even exist before IPv4? Goodness, however in the world did they come to support it then? Saw a market and developed for it, perhaps?
But you're probably right. Nobody will ever do that for v6. After all, nobody ever wants to be the first to move into a market that doesn't have any serious competition yet.
Get real.
Like any technology, some folks will go for it too early and die. Some will go for it too late and have a hard fight, but those in the middle.. who get in just as the window is fully opening up.. they'll fly.
Given the IP shortage in China, Japan, and South Korea, and given how fast they're playing technological catch-up, I'm willing to lay odds that you're very wrong.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
That means my desktop can open up a peer-to-peer connection with my desktop at work, but it also means that my daughter can network her machine directly with some teenybopper P2P network in San Jose. Getting everybody's home machine out from being a NAT box should make possible a lot of interesting applications that are either very difficult or downright impossible today. And in all likelihood, some of those applications will not be popular with the Recording Industry Association of America or the Motion Picture Association of America, both of which have taken the lead against peer-to-peer networks. As soon as they understand what a threat IPv6 is to their police actions, they are likely to start fighting against.
I thought that most P2P applications work well with NAT....maybe I am wrong. Any ideas on what kind of applications the author could be talking about that are "either very difficult or downright impossible today" ?
that IPv6 makes encourages 'peer-to-peer based copyright violation systems'
Wow... They're being very technical here.
What next? Are they going to lobby for a new reserved TCP port called "RIAA_SERVICES" ?
All I have to say is that I'm not really going to take seriously somebody who talks about security problems but still serves webpages from a M$ IIS server..........
Actually, before IPv4 became the "protocol for the Internet" there were no server load balancers. There were no dynamic routing protocols. There were no consumer or general business ISPs. As such, no, they didn't support IPv4.
Only ten years after IPv4 did many of these things really start becoming popular. There never has been a situation where one protocol replaces such a widespread protocol as IPv4 to my knowledge. Despite all the obvious flaws in FTP, and the fact that HTTP can be used for everything FTP does, people still think "FTP" when it comes to file transfer on the Internet.
There are several protocols that I don't expect to see replaced any time soon. HTTP-NG died on the vine, BGP-4 is still the primary internet routing protocol used between ISPs, despite many shortfalls, and FTP bites as a file transfer protocol, due to protocol behaviors that don't fit well into load balancing and firewall configurations. Telnet is used widely even though SSH is available for most functions, etc. People change to new technologies very slowly even when there is a compelling need to change to new technologies, simply due to the learning curve and time investments needed to make the change.
Your points are very valid however, and I've debated them often in thinking about IPv6, especially at what point companies should start looking to develop for it. The problem is that from a business perspective, not enough companies are willing to jump in, and unless they do, a critical mass won't develop.
On the flip side, the fact that IPv6 is being deployed more widely in so called "catch-up" markets with large numbers of people will help push the protocol forward, but at what point will a website such as CNN be available on a pure IPv6 address? At what point will such a site be available ONLY on IPv6? Once the majority of the top 100 websites are available through pure IPv6 methods I will concede that the transition has happened, and everything else will topple to IPv6. Until then I will wait to be disproven.
The people who can afford to upgrade can afford to push the switchover forward. If you can't afford the hardware, then you probably can't afford to lobby very hard against IPv6. So yes it's about money, but as a community /. should be worrying about the health of the internet in general.
I'm not trolling. I recently posted in the story about DNS changes that we're going to start seriously breaking compatibility sooner or later and we might as well take it in baby steps, but IPv6 is not a baby step. Properly managing the addresses we have might not give the developing world enough time to shape up their IT infrastructure, but the more time you give 'em, the less it'll hurt everyone when you make 'the big switch'.
We don't have to put it off forever, just until we reach some magic cost/benefit ratio (9x%) to make a big switch. 5 yrs down the road, enough IPv6 able hardware will be lying around to give away as freebies in order to upgrade the remaining % of hardware that needs it. Ya dig?
[Fuck Beta]
o0t!
All the issues described in the article are expected when implementing a new technology. Of course there will be bugs in the protocol code and of course there will be hardware issues. It's like saying hey when we implemented IPv4 we had no problems whatsoever. Moreover, Windows XP was perfect out of the box (lol) and there isn't a single application on Linux that has a problem. Point is this new technology means new bugs. So it will be worse in the first stretch but for the rest of the run it is beneficial.
-illumina+us "I put on my robe and wizard hat..."
The way I see it NAT was a necessity because if the suits were left to themselves we'd be right back to MaBell telling us what can connect to the net and when....and paying thru the noze for it. There are lots of big ISPs that would love to have complete control of what you connect...no Xbox, PS2, or Linux for you without paying $$$...or not at all because it's not "supported". Not to mention corporate or government suits trying to crack your internal boxes...or simply knowing you have 20 devices in your house...it's none of their business!
Looks like a slam to me. Stupid and wrong but a slam just the same. The man is a Luddite and I'll never have much respect for MIT Technology Review again. The article is pure FUD and flamebait.
MIT must be mortified their name is associated with that rag. I predict Garfinkel's removal, a shake up, or the removal of the ability to use the name by the magazine over this.
Friends don't help friends install M$ junk.
Several of the comments seem to result from what I think of as "dubious" assumptions about IPv6. I got tired of listing these every time the IPv6 migration discussion came up, so now I maintain that list in a web page: Dubious Assumptions About IPv6
The Chinese will build IPv6 equipment, and it will be dirt cheap. There will be IPv6/IPv4 bridges, but as more and more cool apps are developed that require v6, consumers will demand it, and those ISPs that can't provide it will go out of business. Sticks in the mud will be able to run IPv4 internally to their networks indefinitely, and people will build kludges of various kinds to provide interoperation.
In retrospect, Xerox had it right in XNS - 48-bit MAP addresses on the LAN, and 48-bit net numbers for routing between LANs. When the transition to IP came along, the old ARPANET lobby wanted to just transition by putting their IMP number in the second half of the IP address, and adding [10.0.xxx.xxx]. That's how we got into this mess of class A, B and C networks, netblocks, NAT, and all this other junk.
IPv6 is in some ways worse, because the interpretation of those 128 bits is complicated. Not everybody gets an autonomous system number and gets to participate in routing.
The minimum MTU has been increased in IPV6, which offsets the IP header size increase. The extra overhead will be negligible.
Think of it this way: To send a thousand octets of data it may take 2 packets using IPV4 but only 1 packet using IPV6. Two IPv4 packet headers equals 40 bytes. One IPV6 packet header equals 40 bytes.
Admittedly the overhead may increase when small packets are being sent, but the extra features of the V6 protocol more than compensate for this - there's more to IPV6 than increased address space (see RFC 2460).
Anyone who can't spare an extra 20 bytes per packet should probably upgrade their 9600bps modem from 1990 anyway...
All I did was fill out a single spreadsheet questionnaire that asked me how many PCs I had on my network, how many I was projected to have in the next 12 months, if I was going to use VPN, and whether or not I was setting up an ISP. It took me all of 10 minutes to fill out, then I got my class Cs assigned (I just needed a hundred or so initially) lickety-split. Wasn't an ordeal at all.
It's gotten to the point where my wife (the brass rat of the family) gets an oh-no-here-it-comes look when she sees me reading her MIT TR.
*smile* I gather they do, but you have to solve a truly wicked stack to subscribe.-- MarkusQ
In an act of good will in the mid 90s, Stanford (the only other school with a Class A network) gave theirs up. They did this for the greater good while knowing that it would leave MIT with bragging rights as the only remaining university with a Class A. Sometimes doing the right thing is more important than bragging rights. Even so, many of the geeks at Stanford thought it was a real tragedy. The other 50% of the student body didn't even know there was a change.
Lasers Controlled Games!
25 years ago, I used to write software almost exclusively in assembly language. Using your logic, I should still be writing software in assembly language for 16-bit processors. After all, that is the more efficient use of valuable transistors and silicon.
Mea navis aericumbens anguillis abundat
...do you really think any ISP or admin is just going to allow machines to be directly exposed to the internet on equal footing with servers, routers and more important equipment? I don't care if there's IPSec in there, it just isn't reality unfortunately.
The only way IPv6 is going to take off is if there is some profit motive behind it, because that's what drives the idiots of business. They don't care about whether it's better, faster, safer or newer unless "Joe Consumer" is going to jump on it like a jackrabbit in heat.
And... the only way that "Joe Consumer" will want it is if it's trouble-free and comes built into their computer. So... when M$ launches Windows Longhorn XP Trusted Networthy v1.0 and it comes pre-installed on any PC from the big two vendors, then... maybe "Joe Consumer" will buy into it. And it would have to provide some noticeable benefit. Peer-to-peer ain't it. "Joe Consumer" would probably be more impressed if his cell phone was an IM device that was always on and proxied to his desktop/IP phone/fridge/TV etc...
But think about it. Do you REALLY want your devices directly on the net? Especially these days? I mean really... with the number of cracked and infected Windows boxes on the net, I'm seeing 600-1000 hits per hour now on my firewall logs. There's so much crap on the internet right now from infected and 0wn3z0r3d machines, it's really not funny any more. They need to make damn sure that this stuff WON'T be a problem before they attempt to jump to IPv6 and give everything an IP.
Un-news
I'm slightly more interested in the other features that ipv6 offers than the increased address space itself, such as increased security, improved routing, and (finally) a mandate to multicast so it'll finally become more useful.
... only spreading FUD.
Some facts in his article are just wrong, or at least very biased.
IPv6 WON'T encourage 'peer-to-peer based copyright violation systems'.
IPv6 WON'T be less secure than IPv4.
IPv6 WON'T make the internet slower, in contrast it will make it faster (as soon as the networking processors are switched).
http://blog.gauner.org - just a blog
The article makes an origami boulder of a statement -- everything is jumbled together, poor explanations, incomplete statements, real problems, unrelated facts... only to come to conclusion that is nothing but a wild guess.
Contrary to the popular belief, there indeed is no God.
The real issue is getting a few major ISPs and some of the popular web sites to support IPv6. Web sites mostly don't run it because their ISPs don't, but if native IPv6 becomes available, it's easier for them to switch. The problem for ISPs isn't so much security (though they obviously care about that), but reliability - the degree of reliability testing and the level of developer exposure to weird real-world events is much more limited with IPv6, which makes them hesitant to really jump on it since there's minimal market demand (using "market demand" in the sense of "people who will pay you money if you have it and won't pay you if you don't" rather than "people who think it might be cool but aren't handing you money".)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
IP version numbers Damn, this isn't lame, hope it isn't lame enough now.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
"The deployment of IPv6--the sixth version of the Internet Protocol" - 6th version? no it isn't, it's version 6.
:)
"Each about 500 bytes in length" - wrong, I can change my packets to 15Kb in size if I wanted, or even 512KB
"Versions 1 through 3 never made it out of the lab. Neither, for that matter, did Version 5." - right... he doesn't realize that ipv6 is just called that because of the 6 areas to insert an IP address: area1:area2:area3:area4:area5:area6. version 1, yes it does exist, this is my ipv1: 1345396058 (long ip).
"There are so many IPv6 addresses that humanity will never run out of them--never, ever." - never say never
"those routers don't have similar hardware that can route V6 in hardware: those packets have to be routed in software, which is a slower process." - all enterprise routers, which the Internet runs on, can have their roms changed, no changing of routers required
I also noticed one more flawed thing with his article, he talks about IPv6 coming, and going to be widespread, then at the end he makes it seem as if it isn't coming.
He seems to have sparsely researched how IPv6 works, thus, resulting in this really bad informative article.
Change is certain; progress is not obligatory.
You know, mods, when someone puts the word "troll" in their nick, you're supposed to pay attention.
The world does not need more than the 4 billion addresses available with IPv4, and I challenge you to come up with an application that requires that many. Assuming that you can actually come up with one, it could easily be solved with Network Address Translation, or NAT as it is commonly known.
Here's an application for you: there are more than 4 billion people on the planet. When we're all hooked up, what do you suggest? Do you really think we'll all be online behind some uber-NAT devices 50 years from now? Have fun using your cell phone/PDA/personal whatever when you and 1000 of your neighbours are all sharing the same IP, and you're using a protocol as complicated as *gasp* FTP (hint: NAT breaks more than it fixes). Really, please share with us what the "shortcoming" of too many address is. Overkill, it may be. But how does it hurt the protocol?
The problem with a 64-bit network prefix is that routing tables become massive. Just do the math and you'll see that extreme amounts of memory are required to hold routing tables.
The whole point of IPv6 addresses is that we can do more EFFICIENT routing, as opposed to the hodge-podge of rules we have today. IPv6 routing is FASTER than IPv4.
This means that downloading stuff will take 3.4% longer.
Wow. A whopping 3.4%. Now, in the real world, a lot of us use MTUs > 1500. So we're talking just over a single percent. Stop the presses! Oh yeah, there's this neat thing called header compression, by the way.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
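The header-overhead arithmetic argued over in this thread (the 1000-octet case at minimum packet sizes, the "just over a single percent" cost on a 1500-byte path, and the small-packet case), as an added example that is not part of any poster's comment. It assumes a 20-byte IPv4 header without options, the 40-byte fixed IPv6 header, 576 bytes as the IPv4 datagram size every host must accept and 1280 bytes as the IPv6 minimum link MTU; the function names are hypothetical, and only IP headers are counted.

```python
"""Added example: IP header overhead, IPv4 vs IPv6 (constructed figures).

Counts IP headers only. Transport headers, IPv4 options and IPv6
extension headers are ignored, and the sender is assumed to size its
packets to fit, so no fragmentation takes place.
"""

IPV4_HEADER = 20          # bytes, IPv4 header without options (RFC 791)
IPV6_HEADER = 40          # bytes, fixed IPv6 header (RFC 2460)
IPV4_MIN_DATAGRAM = 576   # datagram size every IPv4 host must accept (RFC 791)
IPV6_MIN_MTU = 1280       # minimum link MTU required by IPv6 (RFC 2460)
ETHERNET_MTU = 1500       # common path MTU, used for the like-for-like case


def ip_cost(payload_bytes, packet_size, header_bytes):
    """Return (packets, total_header_bytes) needed to carry payload_bytes
    in packets of at most packet_size bytes, header included."""
    if packet_size <= header_bytes:
        raise ValueError("packet size leaves no room for payload")
    if payload_bytes <= 0:
        return 0, 0
    room = packet_size - header_bytes
    packets = -(-payload_bytes // room)   # integer ceiling division
    return packets, packets * header_bytes


def extra_percent(payload_bytes, packet_size):
    """Percent more bytes IPv6 puts on the wire than IPv4 when both
    use the same packet size."""
    _, v4_headers = ip_cost(payload_bytes, packet_size, IPV4_HEADER)
    _, v6_headers = ip_cost(payload_bytes, packet_size, IPV6_HEADER)
    v4_total = payload_bytes + v4_headers
    v6_total = payload_bytes + v6_headers
    return 100.0 * (v6_total - v4_total) / v4_total


if __name__ == "__main__":
    # 1000 octets at each protocol's minimum guaranteed packet size.
    print("IPv4 @576 :", ip_cost(1000, IPV4_MIN_DATAGRAM, IPV4_HEADER))
    print("IPv6 @1280:", ip_cost(1000, IPV6_MIN_MTU, IPV6_HEADER))

    # Bulk transfer and a small packet, both protocols on a 1500-byte path.
    for payload in (1_000_000, 64):
        print(f"{payload:>9} bytes @1500: IPv6 costs "
              f"{extra_percent(payload, ETHERNET_MTU):.2f}% more")
```

At the minimum sizes both protocols spend 40 header bytes on 1000 octets; on the same 1500-byte path the doubled header costs about 1.4% on bulk transfers and far more on small packets.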
Yup...18.0.0.0 /8.
:)
I don't know what they're carrying for upstream capacity now, but back in the day they were connected to both of the BBNPlanet Cambridge POPs via FDDI.
The old cambridge2 pop was actually onsite at MIT (and worcester1 was located at WPI, for the interested)
// Agent Green (Ian / IU7 / KB1JQO)
// IEEE 802.3: All 10base Are Belong To Us
And yet even as I read this you are moderated "4, Funny". If I had any moderator points I'd give you one to see if it would skip 5 and go to "6, Funny".
google for it ...
http://www.iana.org/assignments/ipv4-address-space
It's just marked as "IANA - reserved." If they gave it up years ago and it still isn't helping, all they did was do a gesture. Are there any plans for it?
He is fairly aggressive at attacking IPv6, and even contradicts himself in his fury against the protocol...
all IPv6 code is untested and therefore insecure
Yes, if you don't count university networks that have been using 6bone for several years now. Read up a bit on 6bone, and you'll see that the primary purpose of it is to function as a testbed for IPv6. But of course, computer scientists aren't really able to find and fix problems in the protocol.
IPv6 makes encourages 'peer-to-peer based copyright violation systems
I won't even comment on this...
Deploying IPv6 means that every application that uses Internet addresses needs to be changed.
However, isn't IPv6 designed to be backwards compatible? I.e. have a separate address space that emulates IPv4? So there isn't an urgent need to switch *now* when it starts getting used? Using the IPv6 stack should not mean an inability to talk with IPv4 clients.
Today, most routers come equipped with special-purpose integrated circuits that can route IPv4 packets very quickly. But because there is no demand for it, those routers don't have similar hardware that can route V6 in hardware
I'll just let him contradict himself:
"The code that lets computers talk on an IPv6-enabled network is now built into the current versions of Windows XP, MacOS, Linux, and many forms of Unix. Every router made by Cisco comes ready to run IPv6. So does every Nokia mobile phone. The whole world is getting dressed up for the IPv6 party."
If they're already implementing software support for IPv6 before it's even starting to get used, doesn't he think this is a sign that the manufacturers are dedicated to bring hardware IPv6 support once it gets even more widely used? If not, he needs to explain why.
He complains about upgrade costs too, which seems to be a concept never heard or experienced by him before, as he seems to be in shock while discussing it.
But what IPv6 boosters won't tell you, unless you press them, is that every new IPv6 nameserver, Web server, Web browser, and so on has new code--code in which security problems may lurk.
True, updated software might get new bugs if they aren't tested properly. What's new? This risk is taken daily by adopters of upgraded or new software.
Beware: In C++, your friends can see your privates!
Right now I use a NAT to route things around on my home network. However, I can't route port 25 to two different computers behind a NAT so I have to use one e-mail program on a single system to handle all the e-mail for every domain I have control of. Mercury Mail on my coloed server has no problem with this so I have no problem with this. My spam-can is just a catch all anyway running on my home connection. I have one router with NAT handling the server and one router at home handling the home network.
If I had an IP for each system I could use one firewall per system and forward external IPs to internal systems behind individual firewalls with specific ports open on each if I wanted to. I may just keep the current set up for simplicity and cost effectiveness. There's no point getting more than one IP and more than one NAT if you're not running multiple domains.
IPv6 doesn't remove NAT. It just makes it possible to use multiple NATs each with a unique external IP. This is possible now. I have a number of IPs accessible to me from my ISP but this would be more common.
So really, nothing in this area will change. It will just be more common that home users are running multiple differently configured firewalls to a number of different networks. One firewall capable router per IP. Same as always.
Only in a university have I found that having 1 IP per system is an excuse not to use a firewall. It really should be required that a router be added into the cost of buying a new system. The excuse of course is that faculty will mess with them or take them off or that it will cost too much for techs to set them up.
Even if I had only one system on my internet connection I'd be using a router. I don't trust Windows or any OS directly on the wire.
Ben
Work Safe Porn
...just to build a hierarchical protocol on top of IPv4? Perhaps my understanding of this issue is insufficient, but bear with me. Suppose my local network has an external address of 12.34.56.78 and that I have a server with an internal address of 192.168.0.4. How difficult would it be build a protocol atop IPv4 that accesses my server as 12.34.56.78.0.4? All the internet backbone has to be concerned with is getting low-level IP packets to and from my LAN, and the hardware is already there to do that. The only additional requirement is for my router to recognize the higher-order protocol embedded in those packets and direct requests to the proper server. Am I missing something here?
One big problem with NAT is that it creates passive internet consumers. When everybody uses NAT the real content of the internet is provided by the big players that can afford public ip-addresses for their servers. In the original internet without NAT everybody was a content provider. Just think about all the content that will never be published and the cool technologies that never will be developed when everybody uses NAT.
:)
Say no to NAT! Say yes to public addresses for everybody!
> > The most important thing that IPv6 does is quadruple the size of the Internet address field from 32 bits to 128 bits.
> Quadruple? 2^32 * 2 != 2^128. In fact, there is a very distinct difference. I would hope a writer for the M.I.T. Tech Review would know the difference.
Sheesh. He is talking about quadrupling (4 times) size of the address, not address space. And you didn't even make your wrong argument correctly. You should have said 2^32 * 4 != 2^128 which is the right wrong argument.
I haven't read such a pack of bunk in a long time--it's not worthy of the MITTR.
Garfinkel claims that IPv6 won't be viable to roll out because routers need to be upgraded. Dude, that is an ongoing process. Does he think that today's IPv4 routing hardware can handle tomorrow's IPv4 traffic? Let's see, how many protocols did the early Internet support? I guess they never merged to IP, because it was too expensive.
Also, he's a bit of a pollyanna about NAT--NAT is not a reason for why IPv4 is going to survive. It's a fiendishly shit kludge. Ask anyone that received a 10.0.0.1 answer from Verisign DNS last week. NAT sucks. It's a fix, but it sucks.
Lastly, IPv6 shouldn't be deployed because it relies on _software_ being changed? Oh gee, I'm sorry mr. Garfinkel, but I'd completely forgotten that every single networked application, nameserver, mail server, and web server has evolved code-wise to a layer of abstraction and perfection that we never have to worry about another security hole again! Aren't we happy that we've all reached BIND25, which never ever has to be touched again for as long as we live?
What an idiot.
Cole's Law: Thinly sliced cabbage
As someone who was around during the IPv6 specification phase I can tell you that the spec that finally emerged from the IETF (following a great deal of ill feeling) had two main goals:
1) Not to be anything like OSI on principle
2) To be conveniently routable on the hardware then typically in use for academic workstations
So frankly, it's no real improvement on IPv4 and failed to consider ways of reducing latency and increasing the robustness of routing in large-scale carrier backbones.
It was too late even back then to consider the great "switch over" because there were just too many autonomous network operators around with no incentive to change unless everyone else did (those of you who knew DECnet Phase IV will remember a magic switch which was supposed to cause your entire network to transition to Phase V: not many customers actually activated it for the same reason).
The future is probably some rather different local area network protocol for all of those home appliances (connecting your PC, iPod, TV, PVR and toaster) and something different again for the long haul.
But it will have to be demand-led.
When you think consumer gadgets then the US isn't the first country to come to mind - it's Japan, Taiwan and China, Malaysia, Korea and the Philippines (in no particular order).
If every gadget gets an IPv6 IP address then it's irrelevant what some ex-MIT/Mass commentator thinks. Asians, and especially the Japanese with KAME, are sniffing around for another edge that they can get.
Once the millions of games consoles get IP for LAN parties then ISPs are going to be driven kicking and screaming into IPv6. Console sales outnumber PC sales so what Microsoft think here is irrelevant (unless it's XBox related). Nope, in the same way that GSM eclipsed older analogue Cellular networks (with multi-billion costs in upgrades), then IPv6 will eclipse the older IPv4 and the drive will be consumer gadget driven.
At first it *seems* that NAT is a security improvement but later on you will recognize that it's not.
NAT can never be a replacement for a firewall, especially a packet filter. Writing packet filters when NAT is involved will lead to a lot more complicated rulesets. Complicated rulesets mean that people easily leave holes in their firewalls and this means that the firewall can get insecure.
Moreover people will not be content with NAT, they often want/need programs that can be accessed from the internet which is by design impossible with NAT. To overcome these limitations, people set up "port forwarding" on the firewall/NAT machine and route specific ports to specific machines. This makes once again machines behind the firewall/NAT vulnerable to attacks - but even worse, the rulesets of these port forwardings get very often forgotten and are often incorrectly set up which once again creates holes for attackers.
NAT is indeed - as the author of the article states - a faustian bargain and I doubt that removing NAT setups will raise security hassles.
Moreover note that with IPV6 you still *can* do NAT, so if it's your choice, leave your NAT box that way and you can still switch from IPV4 to IPv6, but with IPv6 you have also the option to drop NAT.
You write: "Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT?"
I would say: "Who would honestly let an out of the box Windows machine be open to the rest of the internet with no security between?"
As I denoted, setting up a packet filter should be easier and more transparent than setting up NAT. And don't forget that the security issues emerge from the Windows machine.
There are too many addresses. There are 16.7 million addresses per square metre of the earth's surface, including the oceans. This is overkill. The world does not need more than the 4 billion addresses available with IPv4, and I challenge you to come up with an application that requires that many. Assuming that you can actually come up with one, it could easily be solved with Network Address Translation, or NAT as it is commonly known.
Regarding 1: as someone else has said, that is an implementation issue, not a fault of the protocol itself. If Cisco fails to scale with the tech and times, they will be replaced.
Regarding 2:
Either your scope is far too limited, or you simply are not very creative. When considering usage of IP space you must go beyond the technical to the social. Therein you will find problems and uses that can easily exhaust the 4 billion addresses.
Routing consumes IP addresses. Depending on how the IP blocks are distributed (subnetted) you can lose up to 25% of available "space".
As more people come on line applications not realistic in today's climate will as well. VOIP doesn't work so well when you can't contact the other IP because it sits behind a NAT box. If 2 billion people have 1 phone with VOIP, that would account for 2 billion addresses. All on its own. Yes, eventually we are more than likely to see phones w/IP addresses. As voice and data merge in that arena, it will be in the interest of the service providers to move to a single unit ID: i.e. just a number, not a phone number, hardware number, etc. This means it is likely closer than any of us realize.
This brings up another, more pressing drive in IPv6. The routing possibilities that are not there for IPv4. Under IPv4 I can't take my IP with me to Singapore, for example. Heck I can't even take it next door to my neighbor's house. IPv6 has that capability in it. Even 1 billion people using VOIP on mobile phones would crush the existing infrastructure (but not because of IP space). Add to that laptops, PDAs, agents, and automobiles, and you rapidly see that 4B IPs is far from enough in the future. One of your inabilities to see the problem is you appear to be looking for a single application that will consume that space, not multiples.
As deployment of phones, mobile computing systems infrastructure monitoring (there are approximately 10+million miles of power infrastructure alone that could use some good monitoring, which can consume lots of IP space as well), increased WiFi hotspots to cover significant portions of the inhabited land, all eat into space.
NAT is not a solution for it falls flat in many ways. Self-discovery, auto-discovery or even guided discovery become impossible to do when multiple machines behind a NAT box need a specific port. Further, when the machines need to be able to be contacted directly, NAT is a poor, if workable at all, solution.
Back to the social, the more scarce a resource is the more costly it will be and the more people will try to hang on to them. By increasing the space, we decrease the scarcity. Surely you've taken a decent econ class, right? If there are too many IPs, we wouldn't see hoarding and the costs of having an IP would be less.
If I were you, I would not assume the sole benefit to IPv6 is the size of the address space.
Regarding 3:
So what if the tables are bigger, if as is the case, they are faster than IPv4 routing. In an increasingly connected world, the problem is the routing issue and the speed of routing, not the size of one particular portion of the whole. Take, for example, autos. A car is X fast and weighs Y pounds. Add a bigger engine that makes the weight Y+15 and now the car is slower right? Not if the power increase is enough to accommodate the weight, in fact in many cases it may even be faster.
IPv6 routing lookups that are faster are using a different technology for the hardware that has a high chance of lowering cost. It is folly to assume that tomorrow's stuff will look, work,
My Suburban burns less gasoline than your Prius.
I suspect that beyond the technical advantages of IPv6, such as a vastly bigger address space and faster routing, the US Military (and Government) see that it is important for American strategic interests to spearhead the upgrade of America to IPv6 so that America is not left behind by the Asian countries.
I also think that the IPv6 capability of Linux is one of several reasons why Asian and other non-USA dominated countries are switching to Linux. With Linux they have a chance to ensure that their Internet traffic starts and ends in machines where they can trust the software - because it is open source. As has been said before, one of the drivers of Asian IPv6 adoption is their need for a bigger address space.
Once IPv6 becomes much more common, expect to see a lot of new companies, and some existing ones, launch new products for both the mass consumer and the specialist markets, that are only feasible with IPv6. Watch Asia, especially Japan, for the first evidence for this. If I had to pick a year for this to happen, I'd suggest 2006 - but maybe I'm being unduly conservative.
Basically, IPv6 is the future.
"Put another way, the switchover will result in roughly 5,000 addresses for every square micrometer of the Earth's surface. There are so many IPv6 addresses that humanity will never run out of them--never, ever."
just thinking of a thousand swarms of 600 billion nano-robots conquering the deserts of some evil country desperately seeking WMDs. we WILL run into trouble with these 128bit address fields...
* a merry life and a short one
4 billion possible addresses on IP4. Are there anything like 4 billion devices on the Internet? Or is it closer to 250 million worldwide? Just 6% or so are used.
You see, it doesn't actually matter what you *need* or even what you might be able to make use of when there's a land grab like IP addresses, or names, what matters is what you can get. Corporations, governments, ISPs, device manufacturers will grab the maximum number they possibly can on the off chance that some VP in accounting will want an IP address for each cent in the corporate bank account. So instead of making use of 5% of the IP addresses they own, they'll make use of 0.000000000whatever1% of the addresses they own instead.
Government of the people, by corporate executives, for corporate profits.
And here's to you, Mrs. Robinson Jesus loves you more than you will know (Wo, wo, wo)...
This sig was generated by a barrel of trained kittens for SeXy_Red (550409).
.... all the stars will be dead and there will not be enough energy to send a ping from one place to the other (since all matter will be so widely dispersed that the energy available to you would not be enough to transmit anything to the nearest place).
Or the big crunch would be on its way, in which case exhaustion of the IP address space would be the latest of our priorities....
IANAL but write like a drunk one.
However, given the sad, vulnerable state of security and privacy, I'd expect more authors to expound on the benefits of IPv6's privacy and authentication mechanisms.
Likewise, as more bandwidth is eaten by spam and music downloading, IPv6 addresses quality of service, and better routing and addressing capabilities.
The only two reasons not to go IPv6, at least for intranets, are either espionage agencies oppose increased security and/or a particular large vendor fails to support it well. Maybe there are others. Wireless networks and VPNs are being thrown in all over the place. These are the perfect places to start with IPv6. The other option is NAT, but that will eventually have to be redone when the move is finally made. Kill 2 birds with one stone and install the new VPN or Wireless net with IPv6.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
in the words of my girlfriend - must mean that the author was simply having a bad day and couldn't be writing this as a serious article
Amy is it? Does she have access to your /. account :-)
I read the article last night when I was a bit sleepy and I did post a response about my IPv6 experiences (it's here, deal). He's either clueless, or was told by the publishers what kind of slant they wanted to bash IPv6. I recently had a conversation with a potential client who wanted me to rid their network of anything which could cause a security breach by unknowingly being on IPv6, this article brought back that discussion.
After re-reading the article today with a good night's sleep, I think the author wrote the article in two separate sittings, and was pressed by an 800 lb. deadline to write something, anything. So he dusted off an old, unfinished article about migrating to IPv6, added some non-researched controversy, and submitted the article.
That makes the best excuse for this drivel I can come up with. He's a hack, and since he managed to piss me off (and most of /.), from now on I'm just going to consider him another clueless journalist.
the AC
And I'm snarfing your analog/gsm phone analogy for my next conversation with clueless gits
Hemos is like...sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Maybe if corps and universities weren't given absurd amounts of IPs that they will never be able to use then this "running out of IPs" excuse wouldn't fly.
Want more IPs available from the IPv4 address space? Take them from people who aren't using them.
At least now every printer doesn't have its own internet routable IP...
And how does your cute example solve the address shortage problem with IPv4?
;)
Since you still NEED an IPv4 address to be compatible with your IPv4 peer.
Basically you have reinvented NAT, except for v6 to v4. And everybody knows NAT is evil
--Blerik
No, I do not want every single gadget to be readily available on the net and ready to be telnetted into at any time. In fact, lemme rephrase that: I explicitly want them _not_ to be available on the net by default.
If the service company needs to telnet into my fridge, I'll jolly well open a port for it myself. And close the port when they're done.
Everyone is ranting and raving about Microsoft's security. Or rather: lack thereof.
But you're asking of me to suspend disbelief and trust that every single toaster maker will write perfectly secure code. Code which can't possibly have a buffer overflow. Code which can't possibly be exploited over the net.
No, sorry, I don't buy that. My experience says that more likely they'll hire some burger flipper to string together some libraries he doesn't even understand. And he probably doesn't even know what a buffer overflow is, much less how to test against one.
And don't give me that "but how will they guess your 128 bit IP address" stupidity. Not only it's security by obscurity, it's also the non-working kind.
How do people know your e-mail address? Do they have to randomly test every single letter and digit combination? Well, no.
And neither would they have to guess your 128 bit IP addresses.
It doesn't even take much imagination to just start a database of working IP addresses, same as every single spammer has one for e-mail addresses.
And the best part? Since the addresses aren't dynamic, you only need to find each of them once. Then it stays there. Whoopee.
A polar bear is a cartesian bear after a coordinate transform.
>IPv6 will help satisfy the demand for IP addresses for a wide variety of consumer electronics
How?
Sure, there are more bits in the address, but consider how the address is composed. There's typically an identifier portion (the x in 192.168.0.x) which differentiates local devices on a local network and a "prefix" which identifies a point of network attachment (the part of the address on which routing operates).
It's not local addresses that are (allegedly) running out, but routable network prefixes. You wouldn't hard code the network prefix into any appliance, or you'd end up with every router in the world having to have a 128-bit flat routing space. So there has to be some network gateway which provides the local prefix information and if it has to be there for that purpose, it's quite capable of providing network address mapping to the IPv4 space for the foreseeable future.
[Oh, and IP isn't particularly well designed for big LANs either (because of its point-to-point heritage): ARP is pretty unpleasant overhead for appliance devices on large networks (all those broadcasts).]
So while it's true that there will be more gadgets and that they will need some sort of ID for autoconfiguration/usability purposes, that doesn't mean they necessarily want an IPv6 network address built into them.
When everything is switched over to IPv6, then the internet goes back to its original plan - where all computers are equal; they all have their own address, they can all do whatever they want (or, whatever they can, given the hardware inside of them) like run servers, etc. The big thing about IPv4 is that not all computers are equal - one IP goes to one broadband modem, and there's a NAT present in the event of more computers behind the one IP address. In this IPv4 situation, not every computer can do whatever they want (like run servers, etc); the computers behind IPv4 NATs are consumers. The computers behind IPv4 NATs aren't equal contributions to the internet, they're there to consume services.
I'd imagine the companies providing these (or any, for that matter) services are trying quite hard not to switch to IPv6, where, if us present-day-consumers don't like how they handle the services, or if the billing for these services isn't what we expect, we can simply do it ourselves and take them right out of the picture. With IPv6, the providers would be forced to listen to their customers or risk not being the providers any more.
The site, as well as the posters in this discussion, fails to address another important hurdle in IPv6 deployment: applications!
It seems most people address the transport layer problems, such as migration and reconfiguration of network equipment (routers) as well as end-hosts, while the more important application layer deployment is neglected.
Think, when all end-hosts and immediate routers are IPv6 ready; and hosts can one day communicate with each other natively over IPv6, what is the use if the pace of application development fails to follow?
I have worked with IPv6 in my final-year thesis, as well as in an internship with NTT (a part of the KAME project sometime back); we can get FreeBSD up and running with IPv6 almost instantly, but what's keeping us back? Applications, of course.
The socket connection functions within the applications need to be upgraded (mainly to support a bigger address structure). For example, the sockaddr_in has to be upgraded to support sockaddr_in6, the address structure for IPv6. After that has been done, more changes in the User Interface might need to be done (for example, to allow users to enter IPv6 addresses directly in a textbox).
Fortunately, after 4 years, the most important applications have already been ported. Apache now supports IPv6, same goes for Mozilla and IE, and most importantly, BIND for DNS resolution.
However, there are still probably thousands, if not millions of other applications that need to be ported one by one (albeit simply).
The link from google to port your application:
Porting applications to IPv6 Howto
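The sockaddr_in to sockaddr_in6 port described in the comment above, as an added example that is not part of the original thread or of any project named in it: an IPv4-only parser beside a family-independent one built on getaddrinfo() and struct sockaddr_storage. The function names and the documentation-range addresses (192.0.2.10, 2001:db8::1) are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* expose getaddrinfo() under strict -std modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Pre-port shape (hypothetical name): hard-wired to AF_INET and
 * struct sockaddr_in. Returns 0 on success, -1 if the text is not a
 * dotted quad, so every IPv6 literal is rejected. */
int parse_legacy_v4(const char *text, unsigned short port,
                    struct sockaddr_in *out)
{
    memset(out, 0, sizeof(*out));
    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    return inet_pton(AF_INET, text, &out->sin_addr) == 1 ? 0 : -1;
}

/* Ported shape (hypothetical name): getaddrinfo() chooses the family and
 * sockaddr_storage is large enough for either one. AI_NUMERICHOST and
 * AI_NUMERICSERV mean no DNS or services lookup is performed.
 * Returns AF_INET or AF_INET6, or -1 on error. */
int parse_endpoint(const char *host, const char *port,
                   struct sockaddr_storage *out, socklen_t *outlen)
{
    struct addrinfo hints, *res = NULL;
    int family;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;

    if (getaddrinfo(host, port, &hints, &res) != 0 || res == NULL)
        return -1;
    if (res->ai_addrlen > sizeof(*out)) {   /* never copy past the storage */
        freeaddrinfo(res);
        return -1;
    }
    memset(out, 0, sizeof(*out));
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *outlen = res->ai_addrlen;
    family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* Render an endpoint as "a.b.c.d:port" or "[v6]:port". The scratch buffer
 * is INET6_ADDRSTRLEN bytes, not the 16 bytes a dotted quad needs.
 * Returns 0 on success, -1 on error or if the caller's buffer is too
 * small (the output is truncated, never overflowed). */
int format_endpoint(const struct sockaddr_storage *ss, socklen_t len,
                    char *buf, size_t buflen)
{
    char host[INET6_ADDRSTRLEN];
    char serv[8];
    int n;

    if (getnameinfo((const struct sockaddr *)ss, len, host, sizeof(host),
                    serv, sizeof(serv), NI_NUMERICHOST | NI_NUMERICSERV) != 0)
        return -1;
    if (ss->ss_family == AF_INET6)
        n = snprintf(buf, buflen, "[%s]:%s", host, serv);
    else
        n = snprintf(buf, buflen, "%s:%s", host, serv);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs from the documentation address ranges. */
    const char *samples[] = { "192.0.2.10", "2001:db8::1" };
    struct sockaddr_in v4;
    struct sockaddr_storage ss;
    socklen_t len = 0;
    char text[64];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-12s legacy=%d", samples[i],
               parse_legacy_v4(samples[i], 22, &v4));
        if (parse_endpoint(samples[i], "22", &ss, &len) != -1 &&
            format_endpoint(&ss, len, text, sizeof(text)) == 0)
            printf(" ported=%s", text);
        printf("\n");
    }
    return 0;
}
```

Any buffer, database column or input field sized for 15-character dotted quads needs the same widening to INET6_ADDRSTRLEN.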
Ok, I apologize for the stream of consciousness style of my posting but there were a couple of issues that I just didn't get.
First, OK, NAT IS THE DEVIL. But the author's security argument about NAT was that people were using wireless lans and getting in through the backdoor to attack the PCs. IPv6 doesn't do anything to mitigate that.
Second, the idea that having every object in your house have a two way freeway to the internet has to be a DDoS attacker's dream come true. Sure I can see my 67 year old dad setting up a firewall to keep his web enabled toaster from sending out bad and evil packets onto the internet. Right after he wins the XPRIZE for that orbital Refrigerator he has been working on. Get real, most users can't figure out what an icon really is, and now they will be the key to securing this brave new world.
Third, does this not let ISPs charge more now that we will be using 100s of IP addresses?
4th, think of all the applications that haven't even been thought of yet. Come on. At least with the new ipv6 we will be able to watch his daughter go to college, and probably follow her on dates and to the bathroom. PROGRESS? Not meant to be an insult, but the prurient aspects of all this technology just floors me sometimes. I guess I am a Luddite.
So in closing, I think it will happen and I for one don't care if we (the US) lag behind. In the long run that will make it cheaper for us and the pioneers can take those arrows for us. And as for using up most of the ipv4 address space, what can be said but "WE RULE"!!!
224-255 are for multicast.
I'm confused as to why we just don't have 1 or 2 multicast class A's, because AFAIK, no one uses it! At least my ISP doesn't really support it.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
there are lots of other advantages of ipv6 compared to ipv4:
routing - different rirs have now created policies that will make routing much more efficient. it will be hierarchical so routing tables will be much smaller (thus faster routing.)
headers - the ipv6 headers have been optimized compared to ipv4, data transmitted includes qos (standard)
multicast - no more broadcast. we don't have to worry about too much data storms in our network (better bandwidth utilization.)
autoconfig - ipv6 provides for automatic configuration of ip addresses. this will make transition much easier since most devices can be made ipv6 ready and activated and it will automatically configure itself and run on ipv6.
tunneling - you can do endless tunneling to seamlessly support ipv4 and ipv6 networks together. you can easily put an ipv6 backbone with ipv4 clients running (with all translation under the fe80 range.)
addressing - clear policies have been made with regards to addressing (and routing as well) to prevent problems that have plagued existing ipv4 networks. the division of the /128 into multiple subbits (like /4) helps in the logical arrangement in the address.
maybe since mit has 16.7million ip addresses, they are afraid of ipv6. based on existing policies agreed upon by rirs (arin, apnic, ripe), you will be allocated a /48 (65535 subnets) if you are able to utilize 200 subnets within 2 years. by default (i don't know how they run their network - if it is efficient or they just subnet their network and waste all the ip address) they may have a hard time getting allocation from arin. they might need to get the suballocation from a provider (since it is hierarchical) so that's why they are opposed to the idea.
even if they do not switch to ipv6 (i hope they will be the last one.) the entire world will be running in ipv6. here in asia, it is much harder to get ipv4 addresses. so we are already experimenting with ipv6 (and readying for production grade native ipv6 networks with full peering and routing - we have purchased ipv6 routers in preparation for a full ipv6 backbone with ipv4 tunneled instead.)
software is increasing its support with ipv6. windows xp already has support (not so savvy end users can now start benefiting from ipv6.) linux and apps already have support. most network equipment now supports ipv6. heck my mobile phone can access an ipv6 network natively!
final words. go ipv6! it's about time. (and note to all admins, experiment with ipv6 and you'll see.)
p.s. slashdot was inaccessible for a few minutes before i posted this content
Live your life each day as if it was your last.
There's lots of interesting things you can do with a scheme like that. For example, NTP uses the various loopback addresses to implement fake peer clocks. The particular quads specify "drivers" and parameters to use to talk to the time source.
What's nice is that it's portable to any system with a sane sockets layer.
It's the kind of thing where you look up some service in a database, which gives you a number. You translate that into an IP address, then try binding to it to see if that service is available. Forget TCP, you can just use raw IP datagrams since there's no way delivery can fail. It's more familiar territory than IPC for some people (and more portable).
Well, maybe 16 million is excessive. We only have 64k TCP port numbers, and that hasn't been too problematic.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Solaris has it front to back since 5.8, so does OSX. Oh and Irix. Hmmm, all the BSDs and Linux. Yup. Oh, and HP-UX. And AIX 4.3... hmmm, what else... oh yeah, Symbian 7.0 for phones and WinCE. VxWorks and QNX seem to fully support it too.
And Cisco IOS. And gee willy, aren't a lot of Linksys home networking boxes one flash update away from supporting it, you know, being based on embedded linux and all?
Well gee whiz, that's like, NOBODY. Microsoft must really be on the ball here.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
that is 15 too many.
Also, you're right about the 192... I haven't had my coffee. I guess what I meant to say was that you won't find a class-a starting with 192. Nor 172. (174->172).
Gak.
240-254 for future extensions, eh? Well I wonder if those counterpredictions claiming we can last to 2020 (mentioned later in these threads) are predicated on the fact that we will start handing those out too.
I think the 255 class A is used to indicate you wish to broadcast on all subnets you're attached to (255.255.255.255). It's the all-networks network.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Amy is cute.
Who is Amy?
Im dreaming ofa big bndwdth, That can resist the
>There are so many IPv6 addresses that humanity will never run out of them--never, ever.
I have heard statements like this before... networked nanotechnology and RFID tags anyone?
Name a route from one of France's enemies to France that an army can take that does not have US troops on it. France could afford to posture during the cold war because Germany and Austria with their huge US garrisons were in the way. ...credit where credit is due.
"America has done some terrible things. But I know that Americans don't cheer when innocents die." -Dave Barry
Usual slashdot of people not knowing what they are talking about.
There are many transition mechanisms defined and being defined for ipv6. These allow ipv4 only to talk to ipv6 only and all other combinations. Some require dual stacks but many are implemented in other ways.
A huge organization could switch to mostly ipv6 only internally and still interoperate with the Internet at large.
The backbone could switch to mostly ipv6 only and home users could remain using ipv4.
There is no line-in-the-sand switchover required, it can be staged and rolled out over time.
We actually need IPs for each workstation (long story as to why).
The code being untested is surely no huge obstacle as it is quite able to be well tested. IPV6 will indeed make peer-peer systems more possible than they are today with many users externally inaccessible directly behind limited NATs. But peer-peer ability does not equate to copyright violation and that anyone from MIT would imply that it does is gross political maneuvering. Peer-peer abilities mean that the internet is many-many in rather than strongly slanted to few-many. All nodes become potential producers and sharers of information and bandwidth. This was the original shape of the internet and its original promise. It is high time we got back to it.
When will slashdot have an IPv6 interface? By adding v6 to the services and sites that are most used on the internet, it will only accelerate the full migration.
My ISP charges for extra IP addresses ($5/month).
I will still hide multiple systems behind a single address to avoid these costs.
That works in a mathematical equation but not in reality. For starters I'm not saying A includes B and vice versa, the not means I'm saying that A does NOT necessarily include B, because I said they are NOT mutually inclusive.
However, if I WERE saying something was mutually inclusive that something merely needs to relate to one another. If you have a whole with multiple components and when you have one of those components you MUST have another of those components then they are mutually inclusive, they are NOT however identical.
For example, in application an operating system and boot mechanism are mutually inclusive. They however are NOT identical, they are two separate components which depend on one another.
My point is beautifully illustrated by the existence of circular dependencies. If dependencies were not mutually inclusive they could not be circular, you wouldn't need one to have the other, however this also does not mean that they are identical.
Although you might have a fair argument that two components which are mutually inclusive should be simplified into one component, that isn't the way the real world works. In the real world, component A and component B may not even be made by the same people, or they might be easier to work with if logically separated (albeit rarely).
I've personally stopped worrying about Simson Garfinkel's opinions since I learned he was one of the editors of the incredibly biased and unfunny Unix Hater Handbook. The only good thing in this book is the Dennis Ritchie rebuttal. Given that Simson has written lots of books that depend on Unix technology and he was and still is a major proponent of NeXTStep and MacOS/X, both fine BSD systems, either the man is a total fraud or he is a complete idiot.
It wasn't intended to fix the address shortage problem with IPv4. It was intended to solve the upgrade path routing problems for IPv4 to IPv6.
Dynamic NAT, as popularly implemented, is "evil." NAT as Network Address Translation is not evil and is a fundamental technology of the Internet.
Oops. Responding while tired strikes again.. (though I asked others around me if I was being coherent - the lies!)
:-)
Yeah, address field.
And when will this compatibility end? Since everybody keeps using v4 addresses, there is no need for people to switch to v6. Is there going to be a worldwide 'let's stop using IPv4' day? Or are we going to stay compatible forever?
As lots of other people have already pointed out, they should have made IPv6 inherently compatible with IPv4, so there is no need to switch.
There is a header checksum field in IPv4, that (as far as I know) is only verified at the destination, and is totally useless. Use these 16 bits to extend the destination address, extend the source address using a V4 option field, and you have extended IPv4 addressing to 48 bits and kept the destination in the beginning of the header for hardware routing. And you are compatible with IPv4 so people that don't need to upgrade won't have to. You have also added addresses without increasing the routing complexity for the core.
This is just a little hack off the top of my head, I'm sure there are people out there that can do better. And my prediction is that somebody will do better and write an RFC for this. Two weeks later all free unices will have implemented this, two months later Cisco and Juniper and all the other big guys will add support for this feature in a software update, and a year later nobody will be using IPv6 anymore. IPv6 is like IPSec, designed by a committee and dead ten years later.
But this is just my 2 cents, who knows what will happen.
--Blerik
mmmmm IPV6
that never stopped Microsoft from releasing their products.