The State of IPv6

Gnea writes submits this article "about the current state of IPv6, the Next Generation of Internet Protocol version 6, mostly according to Cisco. It's also an interesting roadmap about where and how IPv6 will proliferate around the world.. Apparently China has a grasp already with Korea and Japan, who leads the "Five key Chinese carriers, including China Telecom, China Unicom, China Netcom/CSTNET, China Mobile, China RailCom and CERNET (China Education and Research Network), are slated to join CNGI, building their own national IPv6 backbone independently, while interconnecting with at least two IPv6 IX." while Verio appears to have already tuned into some turnkey solutions recently that are publicly available." And SgtChaireBourne writes "ZDNet is reporting that the EU and South Korea will collaborate to develop IPv6 applications and services. The agreement was finalized at the Global IPv6 Service Launch Event in Belgium last week. There are good reasons to move to IPv6, including security, multicasting, simplified header structures, and better routing to name a few."

This is one area the US could get left behind...

[bc90021]

...if we don't quickly develop a plan to start working with IPv6. Most Pacific rim countries have already started, and for them, it is a matter of necessity. Since the US was responsible for a lot of the early internet (DARPA), we have the vast majority of the IPv4 addresses. Other countries (such as China) see IPv6 as a way to "equal the playing field" in addition to solving their "how do I get enough IPs for 1.2 billion people" problem.

Here's...

[ArmenTanzarian]

another short article from GCN on the subject.

Backward Compatability

Will I be able to patch my ZX81 to understand the new protocol? Or will I have to upgrade?

Re:Backward Compatability

[hplasm]

16K ram minimum required..

Re:Backward Compatability

You'll need to download the latest drivers for the ZX81's tape port: http://www.sinclair-research.co.uk/support/drivers /81/ipv6patch.zip.

If you use a ZX80 with the "new ROM" you can use the same update. You will need a 16k RAM Pack to run the IP stack unfortunately.

Re:Backward Compatability

[Sloppy]

Will I be able to patch my ZX81 to understand the new protocol?

You'll be able to use the new protocol, but you'll lose about a third of your screen.

Would it surprise anyone...

[_PimpDaddy7_]

If China, South Korea, Japan move ahead of the US, with regard to broadband, the internet, and amount of homes hooked up to broadband, etc.?

If so how will this change our direction, or would it?

Re:Would it surprise anyone...

[d_strand]

Hasn't this already happened? Parts of europe too i think. US was like no. 10 on the broadband access list last time I checked... still pretty good on total internet access though.

Re:Would it surprise anyone...

Our government would blame its citizens for not adopting IPV6. Those still using IPV4 would have problems getting on planes, having packages shipped, and would be protected from sensitive information, such as IPV6 (because it has encryption.)

Our leaders consider this a top priority and have issued an orange alert over it.

Re:Would it surprise anyone...

[Hott+of+the+World]

As long as companies feel perfectly fine in charging $60, $70, and even $100 USD for sub-quality cable service (or DSL), The US is going to remain behind.

Re:Would it surprise anyone...

[addaon]

Is "the US will be left behind" the new "think about the children"? I mean, since when are we in a competition to have the best technology possible, instead of the technology most appropriate for what we're doing with it?

Re:Would it surprise anyone...

[javilon]

Nowadays, the US seems to think that the only important thing is military power.

Re:Would it surprise anyone...

[nharmon]

As long as people feel perfectly fine in paying $60, $70, and even $100 USD for sub-quality cable service (or DSL), the media and telephone companies will continue to charge these outrageous prices.

Re:Would it surprise anyone...

[rifter]

Nowadays, the US seems to think that the only important thing is military power.

Perhaps, but our military power comes from high technology. The US does not have a huge population or a very large military force in terms of troops on the ground, but we do have technological superiority which allows those troops to be more effective. Some of this superiority includes communication technology. Remember that the internet started as a military project, as were some of the earliest computers.

It therefore makes perfect sense that a more militaristic US should still lead the way in terms of tech. The Cold War and the World War preceding it spawned technological booms. The current move towad Mars and Moon exploration are reactions to fears that China will overtake us in space technology. All of this leads to a confluence of the drives toward both technological and military superiority.

Re:Would it surprise anyone...

[PPGMD]

Well if you want IPv6, in the states, it's going to be the military that pushes forward toward it, based on previous /. articles.

Re:Would it surprise anyone...

[gorilla]

Actually the US does have a large number of troups 'on the ground'. According to this link, the US has a total of 1.4 million "total uniformed, paid manpower organized into combat and support units". This makes it second only to China and India, both of who obviously have huge populations to draw from.

Spam Filter

[musikit]

umm couldn't we use this as a cheap spam filter? since AFAIK ipv4 can talk to ipv6 but ipv6 can't talk to ipv4?

Re:Spam Filter

We have IPv6-in-IPv4 tunnels.

Re:Spam Filter

Well, for one, it wouldn't be cheap, and for two, what's stopping spammers from adopting IPv6 first? In fact, the relegation of NATs to a footnote in Internet history and an abundance of dynamically assigned IP addresses should only make the spammer's job easier.

Re:Spam Filter

[yabos]

It's the other way around.

Another driver...

[CaptainAlbert]

Not something I saw mentioned in the article links, but it's worth bearing in mind that the support of IPv6 is mandated in the protocol stack definitions of the 3GPP standards. This means, to cut a long story short, that all 3G telecoms kit (handsets, basestations and switchgear) will support IPv6 out of the box. At least in Europe and Japan.

So, when it finally stops being vapourware, and assuming that people actually buy into this technology, I'd say that was a fairly good driver for other industries to adopt it too. Not looking forward to the transition though. :)

Re:Another driver...

[garcia]

So, when it finally stops being vapourware...

Interesting that you feel it is vaporware when I have been using it for well over a year and it has been around (in use) for quite a bit longer than that.

I guess there are multiple definitions of vaporware possible but, honestly, if a product is in use by more than a research team, I would consider it to be a current technology.

Re:Another driver...

[CaptainAlbert]

> Interesting that you feel it is vaporware

OK, It's a fair cop. I actually work for a company that makes 3G basestations (hardware and software) for the European and Japanese markets, and we've been shipping them to the operators for years. But even though I have (in some ways, I am!) tangible evidence that the product exists, it still feels strangely like no-one's using it yet.

Then again, I don't have a cellphone, broadband, digital TV or a DVD player. But my SuSE boxen all support IPv6, fershure.

How about "Hot air-ware"?

Re:Another driver...

[Burning1]

I would argue that IPv6 is not vaporware, but that this huge migration to IPv6 that everyone has been talking about may well be.

It's about time!

[W32.Klez.A]

It's about time we move on from the archaic state of the internet we're at right now. Besides the content, nothing's really changed in 10 years, and it needs to. With the current prolonged influx of security problems caused by an infrastructure that was never meant to handle the things we do to it, I'd say it's about time someone big pushes IPv6.

Re:It's about time!

Yep, because we all still use HTTP 1.0 and HTML 2.1.

Re:It's about time!

[MtViewGuy]

I think there are two good reasons to start the phaseout of IPv4:

1. The number of Internet-enabled devices out there are growing at an explosive rate. You really need the vastly larger number of IP addresses available in IPv6 for all those devices out there, even with modern router boxes.

2. It might improve Internet security, since we might have a chance in IPv6 to trace the very specific IP address of the person and/or machine trying to cause security problems on the Internet.

Re:It's about time!

1. That is bullshit. Exactly how many internet-enabled devices do you see that can't run fine behind a firewall? The real explosion is in home electronics where 99% of the time a NATed connection through your router is jsut fine.

2. Thank goodness we can get rid of all anonymity on the Internet now.

Re:It's about time!

[CreatureComfort]

It's about time we move on from the archaic state of the internet we're at right now. Besides the content, nothing's really changed in 10 years, and it needs to.

Besides the content? Ten years ago I was downloading ASCII porn from dialup BBS... now it's not ASCII anymore, but the content still seems pretty much the same.

Re:It's about time!

[theCoder]

Care to offer any real facts and not just hyperbole? I'm not sure why you think that the central infastructure of the Internet is broken. It's not broken for me and the hundreds of millions of other people who use it daily. What security problems are caused by the infrastructure of the Internet? At most, things like DDoS attacks, but IPv6 won't really solve those.

IPv6 may be a good thing for the Internet, but to think that just because IPv4 is older it is therefore not working, is just plain wrong. In fact, because it's older, it's inheritently better because it's had more time to flush out problems, both in design and implementation. You sound just like the idiots who call for the replacement of SMTP (because, you know, it's old, and like delivers spam and stuff), though at least you have a solution to your perceived problem.

Re:This is one area the US could get left behind..

[grub]

Notice how North American-based networking gear manufacturers (Cisco, Nortel, et al) are all offering IPv6-ready devices? Ironically, it will be North Americans that will be late to the party.

The telecoms sat on their thumbs during the dot-com-boom on IPv6, they won't be too eager to spend the money now that cash is tight.

Re:This is one area the US could get left behind..

Vast majorities don't get left behind.

All Chinese to me

[upside]

How did they manage to put six carriers in five? Perhaps if you use NAT you can fit six integers in five... Or is it CCT (Chinese Carrier Translation)? "Five key Chinese carriers, including..." 1. China Telecom 2. China Unicom 3. China Netcom/CSTNET 4. China Mobile 5. China RailCom 6. CERNET (China Education and Research Network) "Including" even implies there are more... OK, sorry. I'm tired.

Re:All Chinese to me

[francium+de+neobie]

It is because the author counted from zero in getting the size of array, and counted from one in reporting the indices of the said array.

Sure he needs to learn his Programming 101 class better.

IPv4 good enough?

[PatrickThomson]

OK, we don't have anough addresses. Ok, lets firewall and subnet. Outcome? I can't connect directly to my friends's computer, and I can't run games (or any other) servers. Decentralised P2P suffers similarly. Rock on IPv6! I have my own IP address, unlike about 1/2 the people at my university and all my friends at other universities, and it's damn useful. Rock on IPv6!

Re:IPv4 good enough?

[slash-tard]

"Rock on" and computer geek terms should never be used together! NEVER!

Re:IPv4 good enough?

[AKnightCowboy]

I can't connect directly to my friends's computer, and I can't run games (or any other) servers. Decentralised P2P suffers similarly.

Well, speaking from a business standpoint, I couldn't care less if people can't connect directly to our workstations from the Internet. The machines we want people to talk to are on the DMZ. Everything else is clients and internal protected servers (file servers, databases, etc.). IPv6 won't catch on until firewall software is updated to interoperate with it unfortunately. Don't expect people to have a change of heart and to suddenly go back to the bad old days of every system being wide open on the wild west Internet.

Re:IPv4 good enough?

[Nasarius]

I have my own "live" IP address at my university, but it's totally firewalled, so it's just as bad :(

Re:IPv4 good enough?

[jheiss]

Amen, I pay $20 a month to my ISP for a static IPv4 IP (I know, it's highway robbery). Then I have to play games with iptables and DNAT to access things from the outside.

freenet6 gives me a /48 IPv6 network (2^80 addresses) for free. And with 6to4 I can get another /48 network based on my one IPv4 address. Every one of my machines (and every square micron of my house for that matter) can have its own Internet reachable IP.

Re:IPv4 good enough?

[sapped]

The problem with this is the daylight robbery that ISP's engage in to provide these addresses to us. Unless prices come down significantly, my entire house will still be sitting behind a router with a single IP going off to my ISP.

For the absurd price differences I will live with the inconvenience.

Re:IPv4 good enough?

[asdfghjklqwertyuiop]

IPv6 won't catch on until firewall software is updated to interoperate with it unfortunately.

Most firewall software already does work with it. It is supported by linux, all the BSDs, Solaris, Win2k+, OS X. All the major router manufaturers support it. The only exception I can think of off the top of my head are those $50 disposable broadband routers that you get at consumer electronics places...

Re:IPv4 good enough?

[TwistedSquare]

I run a Windows machine. There is no way at the moment that I'd give it an IP address and let the internet get to it, even if I had the option. So I have a BSD box to hide it behind. Everyone I know who has got ADSL has bought a NAT box to hide PCs behind even if there is only one, because no-one trusts Windows being exposed to the internet. nmap a Windows box and you'll see why.

Re:IPv4 good enough?

[happyfrogcow]

just because two computers can talk to each other directly doesn't mean they are "wide open on the wild west Internet". but you were speaking from a business standpoint. I'm speaking from a technical aspect as well as a community aspect. the control of who gets to publish information on the internet is restricted by things like NAT which doesn't allow direct connections, and rediculous Terms of Use by ISP that do not allow the running of servers on your paid for connection. Media companies like Time Warner want to restrict who gets to create the information, hence their "Roadrunner" cable service Terms of Use. Give me the "wild west Internet" and remember that the pen is mightier than the sword.

Re:IPv4 good enough?

[Rich0]

Right now I'm typing on a computer which is on a routable class-A IP address. You couldn't ping it if you wanted to - the firewall blocks any access except to a few proxy servers in the DMZ. However, if we ever had a merger we wouldn't have to run around remapping every subnet in the company as a result - our addresses are unique worldwide.

IPv6 really is a solution to a lot of problems. You can assign a 16-bit subnet to every floor in your building and never worry about running out of IPs, and never have routing complications resulting from splitting up subnets/etc. If everybody in the USA could have their own class A, that would be great. As it is, IPv4 can't handle it, but IPv6 can.

Re:IPv4 good enough?

[Rich0]

What does NAT have to do with making a computer unreachable by the Internet?

I have a computer at home using NAT which IS internet reachable (via port forwarding). I have a computer at work which is NOT using NAT which IS NOT reachable - due to a firewall.

Firewalls and NAT are two completely different beasts - they just tend to be implemented in the same box.

If you set up a firewall and tell it not to pass any incoming connections to your windows box, it doesn't matter whether the IP it has is routable.

Re:IPv4 good enough?

[TwistedSquare]

You're right sorry, I tend to use the terms interchangeably because I always use them together. By NAT box I did of course mean firewall with NAT. And likewise I would not put a non-firewalled windows box on the net.

Re:IPv4 good enough?

[shani]

My ISP, xs4all, gives me an IPv6 /48 as part of my basic ADSL.

Or isn't that what you meant?

Re:IPv4 good enough?

[xwred1]

The tunnel brokers will give you your own /64 allocation for free. That is 2^32 times as many ips as there are theoretically availably on the ipv6 internet. All for you to piss away on a home lan of 7 computers if you want.

I have gotten two /64 allocations from someone who got alot more of them from sprint. One I'm using for a handful of machines, the other I'm not using at all.

So it isn't hard to get LOTS of addresses at all. Arin will probably hold off on giving them out to individuals like you and me, but they'll give enormous piles to the large isps and they probably won't have much trouble giving you FAR more ips than you need.

What worries me more is the consumerist trend for the internet. The way download speed is far, far larger than upload speed, the way AUPs don't let you run servers. Seems like a trend, deliberate or not, transforming the Internet into something a little more one sided like Television, where there is a clear division between who produces content and who consumes content. Thats a whole other discussion though... don't mod me down for being off topic, just ranting.

Re:IPv4 good enough?

[rsborg]

Amen, I pay $20 a month to my ISP for a static IPv4 IP (I know, it's highway robbery). Then I have to play games with iptables and DNAT to access things from the outside.

Dude, you should tell your ISP to fsck off, and get a dynamic IP redirector. I use no-ip free service, and they offer win/mac/linux clients... have NEVER had availability or connection issues.

Re:IPv4 good enough?

[j+h+woodyatt]

Don't expect people to have a change of heart and to suddenly go back to the bad old days of every system being wide open on the wild west Internet.

Please explain to me how the "bad old days" were any *worse* than the situation we have today.

Re:IPv4 good enough?

[mpe]

Just because two computers can talk to each other directly doesn't mean they are "wide open on the wild west Internet". but you were speaking from a business standpoint. I'm speaking from a technical aspect as well as a community aspect. the control of who gets to publish information on the internet is restricted by things like NAT which doesn't allow direct connections,

NAT can easily be an issue with business systems. Since companies merge and "partner". It's quite possible for there to be situations where two (or more) previously unconnected networks need to be connected, but there several machines on the same IP addresss...

Vibrators?

[illuin]

> somewhat hopeful research* suggesting that the average home contains 250 devices (toasters, electric toothbrushes, vibrators?)

err... ummm... vibrators? I guess that's just further proof that porn really does run the internet!

Re:Vibrators?

[srcosmo]

I, for one, would rather not buy a vibrator that connects to the internet..

root@rabbit.habit% self_destruct = 1

Re:Vibrators?

[Tenebrious1]

Can you imagine the tech support nightmare?

Hello? Support? Yes, I'm calling because my vibrator is offline... third time this week. What? Software update? No, I don't want it soft. Firmwhat update? Ok, whatever that is, I want it firm, better send that to me.

Re:Vibrators?

[Stray7Xi]

For a second I was worried I had an unhealthy obsession.. But I'm well below average with only 1 toaster and 100 vibrators..

The clerk is really going to be confused when I try to buy 100 more vibrators and saying "I just want to fit in!"

Imagine a beowulf cluster(-fsck) of those

Re:Vibrators?

[Mal-2]

The day we have Internet-connected dildoes is the day a new era dawns, and it represents nothing short of the beginning of the end of mankind. This is the future, and the future is called "dildonics". Now instead of having cybersex via a keyboard and your own hand, you can have your genital stimulation machines manipulated by SOMEONE ELSE'S HAND (or other parts).

At first it will seem a novelty. Within a few decades, it'll be more popular than real sex involving infectious agents and bodily fluids. Those who grow up with the technology won't even realize the potential for harm. Breeding will become completely optional (you won't even have accidents to speak of), and marriage will be doubly so.

The fastest growing population sectors will remain in the Third World, and sheer numbers will mean there is no organized resistance to the barbarians at the gates. Robots will be pushed out of jobs by underpaid laborers who prove even cheaper than maintenance on the machinery, since only a small handful of people will know how to service them and they'll be busy virtually fucking, or installing eSex machines. When the number of the unwashed masses reaches some critical point, they will overthrow their soft, flabby, oversexed masters, quite possibly with the help of the clinically depressed robots they displaced.

Enjoy your Paris Hilton video. Operation FUCKUP is coming.

Or not.

Mal-2

Getting IPv6 address space

[Scott+Lockwood]

Do they still give those out for free? What happened to the people who had to turn their IPv6 addresses back in? Does ARIN issue those numbers?

IPv8

[GillBates0]

It's good to know people are already working on IPv8.

Now's as good a time to start drawing up the drafts as any.

Re:IPv8

[Alioth]

Why IPv8? Why not IPv7?

There is after all an IPv5 (the Internet Streaming Protocol).

IPv6 is dying

I'ts well known that *BSD has the best IPv6 support. Thus we can conclude that IPv6 is dying, if not dead. Once Al Gore and Tom Harkin endorse it, we'll know for sure.

IP6s problem is the numeric addresses r so complex

[Viol8]

With ip4 its failry easy to set up a box yourself with dns, hosts file etc because of the simplicity of the numeric addresses. However good
ip6 might be in other respects , in this respect however its a nightmare. A 128 bit number converted to hexadecimal is NOT a pretty site and leaves a huge scope for typos and other cock-ups.
Ok , this isn't a reason not to use it but it should have been something the designers could have addressed other than just having :: as a shortcut for a block of zeros and leaving it at that.

Re:Very Interesting

http://www.winternet.com/~mikelr/flame80.html

Re:Very Interesting

[gunpowder]

This looks like the (english?) manual of my 'Made in China' calculator I bought last week ...

Re:You're kidding, right?

[d_strand]

Parent is obviously trolling but just in case not:

the only thing that would happen if the US decided to shut down 'their' internet is that the rest of the world would lose access to US sites (when we've reconfigured some routers).

Great For Anti-Spam

[fuzzybunny]

This is good news. It lets me just blacklist everything purporting to come from an IPv6 address, instead of having to figure out which netblocks are registered in China.

that is what I have heard

... isn't ipv6 slow? This is what people say sometimes...

Re:that is what I have heard

I wonder why if I see bullshit I always get points, but if I ask a question I don't even get an answer.

Re:that is what I have heard

[jheiss]

Most IPv6 connections at the moment are tunneled through IPv4 and the tunneling mechanisms do add significant latency. IPv6 addresses are a bit larger, so theoretically it will take a few extra CPU cycles to process them, but I don't think a native IPv6 network would be noticably slower than IPv4.

Al Gore

Invented IPv6 as an afterthought after inventing the Internet.

Re:Al Gore

I'm Howard Dean,

aaaaaaAAAAAAHHHHHHGGGGGGHHHhhhhh!

Give me control of all the nuclear weapons, NOW!

Re:Al Gore

oh you tards,

If I had said Bush I would have gotten +5 funny , but I forgot that slashdot is far more anti-capitalist than the mass murdering Castro or Stalin.

This is Slashdot, We are Communists, We wish the death of all capitalists!

IPv6 is MUCH more than a replacement for IPv4

[anti-NAT]

Keith Moore, an author/co-author of a number of RFCs on IPv6 and other topics, posted the following to the IETF mailing list, regarding what IPv6 will enable and can be used for.

The comment was in response to somebody's claim that residential users would be happy with NAT, and non-globally routable IP addresses for their "internal" networks.

Re: dubious assumptions about IPv6 (was death of the Internet)

That's like saying residential telephone users don't need to have a phone number at which they can be reached. (after all, the purpose of their residential phones is to call businesses for the purpose of obtaining services, right?)

There are lots of apps that would be valuable to residential users if residential users had reachable IP addresses. check the status of your alarm system, or your roast in the oven, or your freezer's inventory. Grab a picture from your baby-cam while you're out for dinner and have left the kid with the baby sitter. Reset the thermostat if you're going to be out of town longer than you thought. Do all of these from your portable phone/PDA which is running guess what? -- IPv6.

Also, don't assume that IPv6 addresses will be used by people or their personal computers. IPv6 enables lots and lots of individually addressable devices which don't have to be associated with individuals. Every km of highway can have an addressable traffic sensor so that police and emergency crews know exactly when and where a traffic accident happened. Every streetlight can be monitored to see if it is functioning properly or if it needs service. Every traffic signal can be made individually controllable so that they can dynamically adapt to changes in traffic patterns. For reasons like this, the demand for IPv6 addresses won't be determined by some linear multiple of the number of humans on the planet.

Finally, don't assume that IPv6 devices will require the support burdens we associate with PCs. PCs as we currently know them are dinosaurs. Appliances that talk to the network aren't going to need the same kind of technical hand-holding that PCs do (because they'd never succeed if they did), and neither will the devices that replace what we now think of as personal computers.

IPv6 will eventually replace IPv4, but it's misleading to think of IPv6 as just a replacement for IPv4. By the time IPv6 replaces IPv4, we won't recognize the IPv6 network as something that resembles what the IPv4 network is used for today. Even though the underlying technology is very similar, IPv6 is really a new kind of network, one that enables things that were really never possible with IPv4 on a large scale.

Re:IPv6 is MUCH more than a replacement for IPv4

Yes, but most ISPs don't allow "servers" to be run on most of the non-premium residential services they provide. (here I'm using a broad definition of server meaning any program that listens for a session open)
What makes you think they're going to allow "servers" on IPv6?
My stove, or VCR, or whatever may speak IPv6 in the future, but ISPs will charge us an arm and a leg to hook them up to their premium service to allow them to be used remotely.

Re:IPv6 is MUCH more than a replacement for IPv4

Do all of these from your portable phone/PDA which is running guess what? -- IPv6.

I do all that today and I don't use IPv6.

I hate it when techno-hypesters flatout lie like this. I know the writer knows that you really can do it all with IPv4, that you just end up doing a lot more configuration of gateways and proxies, and those gateways and proxies end up having the smarts of IPv6 re-programmed into them, with new bugs, a thousand different times by different programmers. But why not just say that ? Why rush forward into these false sweeping implications that there is something you can do with IPv6 that you can't do with IPv4 ?

About every two months I say to myself, maybe I should set up a IPv6 network. If I can find a way (tunneling over IPv4 if necessary) to connect it to other people's IPv6 networks, we can switch over the internet from the ground up ! And then I start googling on IPv6 and the various issues, usually my main initial focus is to find out if IPv6 is good or bad privacy wise. And I find so much crap like the above statement, I just get disgusted and give up. The amount of obviously false claims IPv6 wakkos produce makes me worried that is DOES provide substantial intrusive tracking capabilities.

If you ask certain academic bigots if any program written in a turing-complete language can be written in any other, they say yes. If you ask them if C is turing-complete they say yes. If you ask them if lisp is turning complete, they say yes. If you ask for an example of a lisp program that does something that can't be done in C, without the slightest regard to what they just told you, they begin to show you example snippets of code the produce the same output and claim that they are different. It's the same issue. Those people need to be shot so we can see if lisp really is better, and these IPv6 nuts should be up against the same wall.

Re:IPv6 is MUCH more than a replacement for IPv4

Ah, but you could make the same argument about telephone extensions (you know, the ones you need to dial when you want to reach a specific person at a business with a PBX). In truth, there's really no reason why you couldn't add an additional protocol to allow access to services through NATs. The global level network would just route between IPv4 nodes, and then the public firewall/NAT router would route things to the internal network.

IPv6 is a much more elegant solution, but this whole idea that IPv4 + NAT couldn't meet the needs of Web-connected refrigerators is a false one.

Re:IPv6 is MUCH more than a replacement for IPv4

[Dhalka226]

True, but I don't think that will carry over into the world of IP-enabled toasters and other devices for two basic reasons. The first is pressure, both from consumers who want to be able to communicate with their toaster from work and from the toaster makers who want to sell that ability to begin with. The second reason is really one of logic. Ostensibly the reason for not permitting servers is traffic management; that is, web servers, FTP servers and the like have the ability to end up sucking huge amounts of bandwidth. Even if you're supposedly guaranteed an upstream, you are still sucking bandwidth from the ISP's WAN lines. That, at least, is a somewhat valid argument. But how much bandwidth could a toaster really suck? You tell it when to start and stop; it could probably be done with little noticeable lag over a 56k modem.

Of course, none of this is IPv6's problem. IPv6 enables a lot of things, the consumer market will ultimately demand which take hold.

Re:IPv6 is MUCH more than a replacement for IPv4

[nphinit]

Every km of highway can have an addressable traffic sensor so that police and emergency crews know exactly when and where a traffic accident happened. Every streetlight can be monitored to see if it is functioning properly or if it needs service. Every traffic signal can be made individually controllable so that they can dynamically adapt to changes in traffic patterns.

Every persion with an IP address, every gun with an IP address, every book that questions authority with an IP address...

Everything tagged, indexed, and tracked.

(sarcasm) I can't wait.

Re:IPv6 is MUCH more than a replacement for IPv4

[gbjbaanb]

I'm not sure the argument against IPv6 holds that well, but you're right that traffic signals won't be connected to IPv6 - if they are connected to anything, it'll be via their own lines and there's no reason to shift away from that.

However, I can see the ubiquity of IPv6 being useful - from the original article, there was mention of everything being IPv6 enabled. This really means that ethernet will replace USB and firewire connections - your new digital camera will not have a USB connector on it, but will have a mini-RJ45 connector instead.

No-one will care too much about bandwidth, but 'universal connectivity' will bring costs down as real cheap networking chips are produced for everything, and support for it is in everything.

People still won't network their toasters though (except as an embedded linux project :) ) its a silly idea touted as a way of describing what *could* be done.

Re:IPv6 is MUCH more than a replacement for IPv4

[javilon]

So basically he argues that we will have a lot more IP addresses? Ok, I agree.

But how does this qualify it as a completely new kind of network? I don't know.

Re:IPv6 is MUCH more than a replacement for IPv4

[Pii]

This baffling policy of no "servers" is simply going to have to change.

Even today, I'd like to be able to put my digital pictures on my web server, and send a URL to my family and friends, rather than emailing to them with gigantic image attachements. Sure, I'd be running a "server," but it's not like I'm hosting Slashdot, or a Pay-for-Porn site.

Most likely, it will simply be a minor language change... Instead of "server", you'll see "server for commercial purposes", as in:

"Users are not permitted to run any server for commercial purposes."

Re:IPv6 is MUCH more than a replacement for IPv4

[keithmoore]

First, what the ISP says in its service agreement and what they let you get away with are two different things. My ISP sells me a static IP address so that my computers can accept incoming traffic and then tries to say that I can't run servers. There's something of a contradiction there.

What they generally mean when they say this is that they don't want you using a residential account to provide commercial service, and they don't want you eating up arbitrary amounts of bandwidth even for noncommercial use. So if you make porn or mp3s or whatever available for download and your site gets popular, they've got an excuse to hold you in violation of the agreement. But that doesn't mean that they're going to filter the traffic that would go to your toaster.

Eventually they'll find a better way to distinguish "bad servers" from "good servers". Or maybe they'll just limit your bandwidth if you eat too much of it.

Re:IPv6 is MUCH more than a replacement for IPv4

Congratulations! That post just won you the prestigious title of Biggest Idiot Ever!

Re:IPv6 is MUCH more than a replacement for IPv4

[Lost+Race]

That's like saying residential telephone users don't need to have a phone number at which they can be reached.

No, it's like saying residential telephone users don't need a separate number for every phone in the house. Which they don't.

None of those gee-whiz services listed in the article require IPV6 or separate per-device addresses. They can all be aggregated and gatewayed through shared addresses, and arguably should be for many reasons. E.g. imagine exploitable web server bugs in every camera, refrigerator, thermostat, traffic sensor, etc, etc, and having to keep them all patched and operational separately. Alternatively you can have a single web server handling public queries, doing proper authentication, and aggregating and presenting data from the various data-collecting devices according to a single set of configuration profiles. IMHO that would be much more maintainable.

Re:IPv6 is MUCH more than a replacement for IPv4

[anti-NAT]

No, it's like saying residential telephone users don't need a separate number for every phone in the house. Which they don't.

They do if they want to have multiple, concurrent conversations, with the ability to receive independent incoming calls.

None of those gee-whiz services listed in the article require IPV6 or separate per-device addresses. They can all be aggregated and gatewayed through shared addresses, and arguably should be for many reasons. E.g. imagine exploitable web server bugs in every camera, refrigerator, thermostat, traffic sensor, etc, etc, and having to keep them all patched and operational separately. Alternatively you can have a single web server handling public queries, doing proper authentication, and aggregating and presenting data from the various data-collecting devices according to a single set of configuration profiles. IMHO that would be much more maintainable.

They don't require IPv6, but IPv6 makes it much easier. With enought time and effort, almost anything is achievable. The question is, why go to a lot of effort inventing a complicated solution, when a simpler one already exists.

I'd like to know your solution for the following scenario. Say its 5 years time, and I've just bought a PVR that I'm going to plug into my home network, which I'd also like to have accessible from my work, so I can program it remotely, just in case I get delayed, or am on a work trip, for example. In this 5-year time plug and play world, all I need to do is plug in the power cable, and switch it on. For data access it will use Wifi. That is all I'm going to do to set it up, as I'm a non-technical end user.

How would you solve that problem ? Say I bought another PVR, and wanted the same accessiblity and convenience for both of them. Oh, and I also want to be able to access my air conditioner from work, because sometimes the weatherman is wrong, and I might want to turn it on from work, so that the house is cool when I get home.

If you don't think IPv6 is a good solution, I'd be interested to know how you are going to use IPv4 (and possibly NAT) to solve it.

Re:IPv6 is MUCH more than a replacement for IPv4

[Lost+Race]

I'm not opposed to IPV6. I have no opinion about it, really.

My quick&dirty IPV4 solution to the problem you pose -- assuming no universal plug&play webserver/appliance multiplexing protocol in the futuristic 5-years-from-now world -- is port forwarding. Yeah, you have to flip a switch in your router config to enable it. But you'd have to flip a switch anyway to give the outside world access your PVR through your firewall -- and you'd almost certainly want to configure some kind of authentication and access control too. So plug&play in this case isn't, really.

Just hooking everything up directly to the public internet without configuration may be a lot easier with IPV6 but it's not really a good idea! Since you're going to have to configure something somewhere anyway, IPV4 doesn't put that much more of a hurdle in the way. We can make do with IPV4+NAT for a long while yet, even with TCP/IP embedded in every appliance, fixture, tool, box of cereal, whatever, by having a single server on a single public address acting as a gateway for many small appliances. Personally I think it's a bad idea to put every little gizmo with its own embedded webserver directly onto the public internet, either with a unique public address or with port forwarding.

Obviously IP-enabled mobile devices present some very good reasons for moving to a larger address space, but all the nifty IP-everywhere-world-of-the-future devices listed in the quote I was responding to were fixed-position and could be easily handled with a restricted and multiplexed address space.

Re:IPv6 is MUCH more than a replacement for IPv4

[anti-NAT]

assuming no universal plug&play webserver/appliance multiplexing protocol in the futuristic 5-years-from-now world

That describes part of the feature set of IPv6.

is port forwarding.

So, presuming these multiple PVRs, fridge, air con etc. each have embedded web servers, to which one of them are you going to port forward TCP port 80 to ? What are you going to do about the others ? You only have one TCP port 80 to forward, as you only have one IPv4 address.

Bottleneck

[savagedome]

If you look at the OSes used to access Google (which is a good indicator of total OSes used), Win98 is listed at the top with 27%. And with Microsoft extending support, it creates a speedbump.

Re:Bottleneck

[NickFitz]

Look at the chart. Win98 is at the top of the legend ; Windows XP has the greatest usage at 42%.

Re:Bottleneck

[ianr44]

Win98 is at the top of the chart, but ME has 42%. Of course, since this is /. it should be clarified that Microsoft is the speedbump, not win98 ;)

Re:Bottleneck

[Mwongozi]

It might be at the top of the list, but Windows XP accounts for 42% of users.

Re:Bottleneck

[Blakey+Rat]

What's even more strange is that it doesn't report Windows ME. I mean, I know that Google probably hates Windows ME as much as everyone else, but that doesn't mean they should pretend it doesn't exist.

So do Windows ME installations show up as 98? Or XP? Or are they just not counted at all?

Re:You're kidding, right?

Well looky-here billy-bob! Them foreigner seem ta be cooking some kind of net-gizmo. It's them chinese foreign fellow, you know them ones next to Guatemoly and Condo.

God-damn, we ain't caring about what them fellows do, we own 'da intarnet! Like uncle Bob said after his four day hike through new zealand, sweden and canada, them foreigner ain't good for nothing, so they can do whatever they want, no matter to us. We sure as hell ain't gonna do nothing to work with them foreigners.

Hell, most'a them don't even own a shotgun, that ain't bein' free!

Re:Very Interesting

Could someone pleas paraphrase what this guy is trying to say? It seems everyone is too intent on flaming the appaling English when he could in fact have a good point...

I would do it.. but I cant understand a flocking word of it! :)

No IPv8

[crow]

If you read the various followups to that posting you linked to, you'll see that there are two separate IPv8s. One was a proposal that competed with IPv6 and lost. It's dead. The other is a joke.

So the deal is that there is not, in fact, a serious IPv8 effort underway.

Re:No IPv8

[Zeinfeld]

If you read the various followups to that posting you linked to, you'll see that there are two separate IPv8s. One was a proposal that competed with IPv6 and lost. It's dead. The other is a joke.

Erm do you mean here that Ipv8 is intended as a joke or that that is the result? The creator certainly thinks his scheme is not a joke, unfortunately the rest of the world does. Basically the idea is to compress an 8 byte address into 4 bytes. This part is of course quite possible provided you don't need to ever go the other way...

The big problem for the Internet at large is that the IPv6 scheme thunk up by the woolly headed academics of the IETF is about as practical. IPv4 can talk to IPv6 but not the other way arround. The plan is completely clueless when it comes to the business of how to deploy IPv6 in the real world.

Unfortunately the days are long gone when folk in the IETF could wield a cluebat and fix these guys. Most of the people with a real clue have drifted away. OK so Dave Clark may be nominally still a member of the IETF, but he has zero time to spend wielding cluebats these days.

What needs to happen is for folk to realize that NAT boxes are the way to deploy IPv6, not the enemy.

Basically a NAT box should be capable of talking IPv6 on either side of the bridge. It should be capable of talking IPv6 on the internal net and IPv4 externally, vice versa, or the same protocol (IPv4 or IPv6) on both sides. And in doing so it should be 100% transparent to the end user.

The first step is to write a protocol that allows an existing machine on the inside of a NAT box to make a request (which may be refused) to open up an external port to accept connections. Yes this needs support at the O/S level and possibly make the applications aware. This is no biggie because the main server applications that make sense are video-conferencing and home web servers. Both easily fixed.

Armed with that capability you can make an IPv4 network behind a NAT box work as if each machine had its own IPv4 address. Of course the loosers at the IETF are blocking this because they want to push IPv6 by withholding features from IPv4.

A NAT box of this type would be able to tell its provider that it is IPv6 transitional capable when it requests an IP address from its ISP. The ISP can then do similar IPv6 gating to IPv4 at the Internet level. This way you could run 10,000 residential Internet users off a pool of 256 IP addresses.

The key here is to decouple the deployment of IPv6 on internal and external networks so that both can operate independently. The router boys think they understand the Internet because they understand routing. Fact is that they simply have no clue about the business relations involved. Their solution at every turn is 'oh well it will take time for the business people to come round'. They just don't get the fact that the business people may never come arround to their way of thinking.

One thing is certain Harald Alvestrand is not going to convince ISPs to change over with his current tactics.

Re:No IPv8

[dbIII]

separate IPv8s. One was a proposal that competed with IPv6 and lost. It's dead. The other is a joke.

The third is a small japanese child in a bear suit.

Better security?

[GunR]

IPv6 may have a better and safer design, but have you ever considered the software that's going to use it? I see networkrelated security issues popping up "all the time" with IPv4 software. Now, what will happen when we do move over to IPv6, which is in fact a more complex protocol? I have a feeling we will be seeing quite a few security reports on not only the various stack implementations, but also on userspace programs.

Re:Better security?

[jheiss]

Sure, there will be some issues to be worked out with the stacks. But this argument about IPv6 providing lots of opportunties for bugs in userspace apps seems specious to me. (I've seen others make it too, so I'm not just picking on you.) For example, in Java you generally need no code changes at all to support IPv6. Even in C you don't go poking around at IP addresses much. Mostly you just get a pointer to a addr struct of some sort and pass it along to the next system function without inspecting it. Outside of the stack and libc I don't see much opportunity for new bugs.

Re:Better security?

IPv4 addresses are used in more userspace apps that you acknowledge. For example, even Slashdot here uses them for preventing moderation abuse, troll filters and so on.

Pretty much any app that does network logging will have to be updated -- this might be trivial like increasing the width of a database field, but it's still going to require lots of programmer work and is by no means automagic with a new libc.

Re:Better security?

[sketerpot]

OTOH, it could be a good thing to have complexity moved from userland programs over into a stable, actively maintained IPv6 imlementation.

Re:Better security?

[lokedhs]

In almost all of these cases, the IP address is used as an opaque string, so they work perfectly with IPv6 addresses as well.

Re:Very Interesting

[Just+Some+Guy]

I'm certain that a high-numbered Slashdot account pronounced like "My Dong Long" posting a stream of almost-coherent-but-not-quite pidjin English must have a valid, well-argued stance.

Either that, or you have been trolled.

I'll put my money on the latter.

Troll?

[GnrlFajita]

Interesting name when pronounced out loud: My dong long.

Also amazing how hideously mangled the grammar is, without a single misspelled word. I think we may have ourselves a Babelfish troll -- try copying a block of text into Babelfish, translate to Chinese, then back again. It looks remarkably like the parent.

Re:IP6s problem is the numeric addresses r so comp

If you want a 128-bit address, then you need a 128-bit address. No way around it. Remembering an IPv4 address is a pain in the butt too. I can never remember a whole address, so i'll have to look back and forth several times to make sure I got it right. If that's the biggest problem with IPv6, I'll take it.

Start faking the...

.. MAC address. now they can not only ban the IP they can ban a specific MAC.

Its in the IPv6 headers, watch more MAC filtering take place on an internet scale.

Re:Start faking the...

[Viol8]

"Its in the IPv6 headers"

You sure about that? Seems a bit pointless since it'll only apply to ethernet cards which means that if your PC isn't connected to a router etc
via an ethernet card then you've got nothing to worry about anyway.

Re:Start faking the...

And thank god it's impossible to spoof a MAC addr!!

Re:Start faking the...

So are you going to use 56k modem then? Metered dialup?

No right, youre argument is pointless.

Re:This is one area the US could get left behind..

Notice how North American-based networking gear manufacturers (Cisco, Nortel, et al) are all offering IPv6-ready devices? Ironically, it will be North Americans that will be late to the party.

IPv6 is a solution looking for a problem. The IP address exhaustion scare of 4 or 5 years ago is a moot point these days after the dot com bombs, the explosion of usage of NAT, etc. People are beginning to realize there's NO point in having every device use an Internet accessible IP address. Our entire campus of 5,000 machines is behind 2 IP addresses.

Re:IP6s problem is the numeric addresses r so comp

[Viol8]

If you have trouble with IP4 then just imagine the hours of fun you'll have with IP6.

Why is NAT a "bad thing"?

[Dlugar]

I guess I'm not quite sure I "get it", but why is NAT necessarily a "bad thing"? Because it's not "how it's supposed to be"? Because it's klugey? Bad design? Insecure?

I guess my thinking is, if I've got a house full of electronic devices (let's say a dozen computers, an IP-enabled toaster, fridge, television, etc.) I don't really need or want world-visible IP addresses on all of them. I'd like them to be just 10.* or whatever IP addresses, and if any communication ever needs to go on between them and the Internet they should necessarily go through some central house-server/router/firewall. I should have the option of having, say, three of the computers have world-visible IP addresses, but the rest having local 10.* addresses. But why make my toaster be visible to the Internet when, really, there's no need for him to be?

Or am I missing something terribly here?

Not to say that IPv6 isn't a good thing ... it basically needs to happen sooner or later. But what's wrong with IPv6 plus keeping NAT around? Or is it just the excitement of "We don't have to anymore!"?

Dlugar

Re:Why is NAT a "bad thing"?

[RLaager]

Why not give all of the devices a world-routable IP address and then use the "central house-server/router/firewall" as you describe to block access to it. IPv6 doesn't force you to allow world-access to every device. NAT prevents you from allowing world-acess to every device should you want it.

Re:Why is NAT a "bad thing"?

[Morth]

If you don't want your toaster/whatever routable from outside your home, how is NAT going to help you? It's not like you have to put a globally routable ip on a device just because it's not behind NAT. There's site local and link local IP addresses with IPv6, and the link local at least are always there, even if you put a global as well.

Actually you have link local addresses with IPv4 as well. The net 169.254/16 must always be sent to your local interface regardless of your IP, and packets with it as source or destination must never be routed.

Re:Why is NAT a "bad thing"?

[Hatta]

There is absolutely no point in IPv6+NAT. If having your toaster publicly addressable bothers you, stick it behind a firewall and block the ports. Address translation and port blocking are completely orthogonal. It's only out of convenience that firewalls do both.

Re:Why is NAT a "bad thing"?

[Dlugar]

There is absolutely no point in IPv6+NAT. If having your toaster publicly addressable bothers you, stick it behind a firewall and block the ports.

My point is: why bother? Sure, there are plenty of IPv6 addresses to go around, so I can give my toaster an IP address just for the heck of it, and then block access at the firewall ... but why? Why not just put it on a local network, inaccessible to "the outside world"? Why does it need a world-accessible IPv6 address if the only machines that will ever access it are on my house's local network?

Dlugar

Re:Why is NAT a "bad thing"?

[Sique]

Imagine you are standing in your favourite supermarket, and you wonder if you should buy eggs, because you want to bake a cake for the weekend. With a public address for your fridge you could check remotely, if you have enough eggs at home. With a 10.* IP address you can't.

Think about what an address is good for: to address something. Giving it an unique identifier, so your request goes to the right place. There are definitely more than 2^32 objects in the world to be addressed. Think about embedding phone numbers in IP, as necessary with all the gimmicky mobile phones.
I guess the phone numbers alone exhaust the IPv4 space.

Think about people on aircrafts, if you could reach them because every flight seat has its own address (no need to go to the tower, speak to the pilot, sending the stewardess...) Think about utilities remotely querying the counters for electricity, water, gas and heating in each home. Of course a single utility could use 10.* addresses, but what if there is a merger? Or the billing gets outsourced to another company?

Think about computer management, where every device (processor, harddrive, usb port, monitor...) has its own address, no need to fiddle around with nonstandard SNMP extensions, just query the device directly.

Think about giving every postal address an IPv6 address, thus improving the automatical sorting at the postal services. People don't need to know the actual IPv6 address themselves, let the postal guys do the "DNS" ;)

NAT is fine for a network with a few hosts and hundreds of clients, because the clients initiate the request. NAT is unusable in any environment, where you have lots of little servers and services, which are just listening for requests.

Re:Why is NAT a "bad thing"?

[Kevin+Stevens]

Well, as a geek, I want a "real" IP address. to do things like play around with webservers. But here was a real scenario that you just cant do with NAT. me and my roomate in college both wanted ftp servers running on our machines so that we could access some files from over the internet. You cant have two machines running ftp's or any service over NAT. Our options were... have one of our machines run the ftp- kind of annoying, because then you have to worry about whether or not they left their machine on, getting files you want to have access to into the folder, crunching on their machine when they are working on something, etc. PITA. the other was a seperate dedicated machine to do this. The problem with this was that we would have to find space for the extra machine (college apartment = small), have to pay to power the extra machine, have to pay for an extra machine- the 'castoffs' of the time were pentium I's that still fetched a decent amount of money. In the end we just gave up, and burned stuff on CD if we needed it. nowadays USB pendrives work nicely for what we wanted. But even so, it would be nice if me and others in my house could run our own webservers.

Everything is a major PITA with NAT. Alot of applications will not work over NAT at all even if the implementation is done well and it is configured properly.

Im capable of shutting services off that I dont use and running a firewall (the big arugment for NAT is that it provides security). I just want to run two FTP's on my home network, and just not have to worry about NAT screwing things up, or wondering what machine exactly port whatever is being forwarded to. I want to be able to remote desktop to all the machines on my home network! I want to be able to ping all the machines on my home network to see if they are alive. I just want to be a real machine on the internet!

In addition, to me there is always an added bonus of having ubiquity and extra capacity and that bonus is innovation. Sure we dont need an OC-3 going to everyone's doorstep, but someone might create a great new killer app if it was there. We did not need an internet either, but look at what it has created. Sure, we dont see much point in having real IP's available (and imagine if they were static to boot!), but what if we did? Imagine if we really could just use them completely unfettered. Who knows what would happen?

Re:Why is NAT a "bad thing"?

[MenTaLguY]

Because it's nice having globally unique addresses for your devices. The private IPs used with NAT are not globally unique.

Let's say you get a roommate and you want to put both your appliances on your LAN. Well, he's been using 192.168.0.x ... and so have you. One of you is going to have to renumber, redo your DNS and anything else that used the IPs.

You just shouldn't have to do that.

Not such a big deal in a home environment, maybe, but similar scenarios on massively larger scales already happen with NAT after corporate mergers on a fairly regular basis, inflicting major pain on all concerned.

Re:Why is NAT a "bad thing"?

IPv6 has something called "link local" addresses. These can be used for LAN (and LAN ONLY!) communication....

Second... NAT is NOT the same as FIREWALL!
You can firewall off the rest of the internet from your toaster if you want to... the only thing IPv6 gives you is a _unique_ address.... Noone elses toaster is going to have the same address as yours... How can that be considered a "bad thing". (The example you mentioned comes up every time IPv6 is discussed as far as I'm concerned.) //fatal

Re:Why is NAT a "bad thing"?

[javilon]

The problem is, as things are going, your main router/firewall/server ip is going to be dynamic unless you pay big $$$. You will be forbiden to run "servers" on it. And your bandwidth will be asimetric, so you use the internet to fetch information from a central server but no information flows from you to the network.

Re:Why is NAT a "bad thing"?

[th3axe]

I think that whether or not you think NAT is a horrible thing depends on how you see the world. The idea that the internet is a network composed of peers (each system on the net can freely talk to any other system on the net) is destroyed by NAT boxes since a NAT box doesn't allow systems on the outside of the NAT box to freely talk to the systems on the "inside"

However, whether this is a good or bad thing really depends on your point of view. Most users (clearly not the /. crowd) don't care about history and "proper" network architecture. They just want to share their broadband connection with all the systems in their house. To them, NAT is the greatest thing ever. It gives a little security, allows them to share, and lets them do everything they want. They don't understand that a true peer would allow other things, but what they don't know doesn't hurt right.

On the other hand, a true peer can freely accept connections from external system and this enables cool stuff (hosting, P2P apps, VoIP w/o central servers, etc). This is what NAT prevents. So it's bad from the perspective of people who want cool stuff. But, you do incur the cost of haveing to properly secure your system.

Anyway, my .02.

Re:Why is NAT a "bad thing"?

[WuphonsReach]

Let's say you get a roommate and you want to put both your appliances on your LAN. Well, he's been using 192.168.0.x ... and so have you. One of you is going to have to renumber, redo your DNS and anything else that used the IPs.

I lay that fault at the feet of the manufacturers of NAT/routers and other implementers. A better design would have been for those boxes to randomly pick the 3rd octet so that two groups would only have a 1/255 chance of that happening. In fact, when I configured my network, I specifically chose a 3rd octet that was randomly chosen.

Re:Why is NAT a "bad thing"?

[WuphonsReach]

With a public address for your fridge you could check remotely, if you have enough eggs at home.

And if it's running an embedded MS-OS, it's quite likely that when you get home you'll find your fridge temp to be set to 65F because some cracker thought it would be funny. Or, if you're talking about having RFIDs on the egg shells so you can count the egs, you're implying that everything else in the fridge has RFIDs. Which leads to the question of whose business is it to see what's in your fridge and how easy do you want to make it that someone else can see the contents of your fridge?

Think about utilities remotely querying the counters for electricity, water, gas and heating in each home.

Think about organized crime networks querying counters for electricity / water / gas / heating to figure out who's home and who's gone on vacation for a week.

Yes, it sounds like I'm a privacy-fanatic, doesn't it? But if you can access the information from outside the home, then a determined attacker can also access the information from outside the home. All you've done is made it easier to automate the process of gathering that information.

That's not to say that IPv6 is not needed, but I think most of the examples presented are pie-in-the-sky ideas that completely ignore the human issues. (Companies that will do *anything* if it improves their profit picture, ethics be damned.) My evaluation simply starts from the point of view that if it can be abused it *will* be abused.

Re:Why is NAT a "bad thing"?

[Rich0]

Trust me - when HP and Compaq merged, they would have had problems if they were using NAT.

We're not talking small businesses with 10 PCs - we're talking enterprises with hundreds of subnets with hundreds of PCs on each.

Why is it more convenient to have a non-unique address on a home appliance? Just because the address on the appliance is unique doesn't mean that it can talk to the outside world - that is what firewalls are for. Right now your firewall probably says forward port 10 to 192.168.0.1 and send port 11 to 192.168.0.2. Why not simply set up the firewally to block all traffic by default, and pass it for those two hosts?

Suppose somebody comes up with a fancy picture frame which can have pictures uploaded to it. The protocol works on port 1234 by default. If you have 10 of those frames, you have to put them on different ports since you only have one outside IP. With IPv6 you just give each frame a different IP, and you don't have to fix all the broken apps that have port numbers hard-coded.

NAT is really just a hack. It is like giving all the houses on a block a single phone number and then putting in a fancy switch board which tries to figure out who the phone call is really intended for and send it their way.

You can have security without using NAT. If IPs were plentiful then we could simply have a webserver which handed out 16-bit subnets on request free of charge. Sure, technically you can get by with only one IP with the right hardware and configuration. I'm sure your block could get by with one phone number too if you put in a machine that prompted "press 1 for Rob, press 2 for Sam...". But why would you want to do it that way?

Re:Why is NAT a "bad thing"?

[radish]

Imagine you are standing in your favourite supermarket, and you wonder if you should buy eggs, because you want to bake a cake for the weekend. With a public address for your fridge you could check remotely, if you have enough eggs at home. With a 10.* IP address you can't.


That's weird. Because my Tivo (running TivoWeb) used to sit on a 192.168.*.* address, and I could access it from anywhere in the world via the magic of mod_proxy. In fact it had it's own DNS name - tivo.mydomain.com, which apache handled authentication for and kept nice and safe from the outside world. Like the grandparent, I'm not saying IPv6 is bad, it's not. But I have been running a NAT'd network (with a single static IP) for years and there's been nothing I've wanted to do which I haven't been able to do, so I really have no incentive to switch (yet).

People seem to confuse NAT with DHCP (or more specifically dynamic IP). They are not the same. I like having a static IP from my ISP, but it identifies only the outer edge of my network (my firewall/router). Inside there, I am king, and the packets go where I tell them, not where someone outside my network wants them to go. NAT gives me that little extra bit of confidence that a machine on my internal net is completely unroutable from the outside world. With class A addresses, even with a firewall, there's just that little bit of doubt in my mind.

Re:Why is NAT a "bad thing"?

[radish]

But I run NAT, and I can do all those things you say I can't (VoIP, P2P, hosting). I have multiple webservers, all running on :80, with a fronting server proxying to them based on requested host name (www.*, tivo.*, proxy.* etc). I agree with your sentiment that this is a largely historic thing, and having a static IP from your ISP is (IMHO) very important, but Dynamic IP != NAT. If the ISP ever tried to put me behind a NAT at their end I'd be upset, but I find having one at my end perfectly fine.

Re:Why is NAT a "bad thing"?

[NullProg]

Imagine you are standing in your favourite supermarket, and you wonder if you should buy eggs, because you want to bake a cake for the weekend. With a public address for your fridge you could check remotely, if you have enough eggs at home.
How does the fridge open the egg container? How does the fridge see with the light off? How does the fridge know that its me and not some egg peeping pervert?

Sorry, I just had to reboot my thought sub-process. :)

Enjoy,

Re:Why is NAT a "bad thing"?

[th3axe]

But the big question is: Did you do all that with a simple interface that Joe User could set up? You can work around NAT, but the mere fact that you have to is the annoying thing.

I understand that you can (usually) work around a problem, but most people either can't or won't. Since IPv4 and NAT require the workarounds, it prevents most people from being able to experience what you, by virtue of your technical skills, experience.

Maybe most people don't care, but they also don't have a real choice (unless they want l33t sk1llz) under IPv4/NAT. There's also the issue of control and so forth - if your ISP implements NAT you'd be SOL (I know, you can switch ISPs, but that's not the real point.), IPv6 might reduce that chance.

Re:Why is NAT a "bad thing"?

[TheSunborn]

The problem comes as soon as you don't run the nat yourself. I am behind nat with 500 other users, and I can't port-forward so nobody can connect to my computer -(

Re:Why is NAT a "bad thing"?

[radish]

That's true - it certainly was hardly plug & play. But for Joe User having to have a NAT box (typically one of those broadband router boxes) is actually a good thing - it forces him to have a (basic) firewall. Look at how many problems we have from unsecured windows boxes running on dsl lines, now imagine if there were even less routers & firewalls in the way. People's toasters, fridges and Tivos would be getting rooted. Chaos. I actually like it that it's hard for idiots to share themselves with the world ;)

Re:Why is NAT a "bad thing"?

[th3axe]

I agree that it's not good for people who don't know how to swim to dive into the deep end, but I disagree with your point that NAT is the right thing.

NAT was a kludge to get around a pressing problem. Just because it had a side benefit of effectively sealing idiots off from the rest of the world doesn't make it any less of a kludge. Plus it has the negative function of sealing off people who want the ability to do cool stuff who are less technical than you.

If we want people to use firewalls and secure their systems (which we do) we use and write applications and OSes that only talk to secure systems. Packets not signed? Tough. Application not authenticated? Tough. But the important thing is - we need to make it easy. NAT makes it hard. IPv6 makes it easy (or at least easier).

We don't want chaos, but IPv4 and NAT are not the right way. I hate that IPv6 is going to cause pain, but once we're there, life will be better - or at least, hopefully we'll have a different set of problems.

Re:Why is NAT a "bad thing"?

Wait... why couldn't you use different ports for your FTP servers, exactly? The servers don't even need to use different ports -- your NAT could handle this. Come on, this is Router 101 here.

Re:Why is NAT a "bad thing"?

There is absolutely no point in IPv6+NAT.

Wrong.

If having your toaster publicly addressable bothers you, stick it behind a firewall and block the ports.

OR: stick it behind a firewall, and NAT it. Or stick it behind a firewall, and NAT it AND block the ports. Wow. Multiple solutions to a similar problem! I'm from Hollant, isn zat veerd?

Address translation and port blocking are completely orthogonal.

If, by "orthogonal", you mean "complementary", I agree whole-heartedly.

The reason NAT is safer than port blocking is that NAT connections a) vary from session to session, and b) time out -- much like how dial-up connections are somewhat more secure than always-on connections. Of course, it's even better to run both together. Multiple security layers -- imagine that!

If I may borrow your geometric terminology: you're diametrically wrong.

Re:This is one area the US could get left behind..

IP exhaustion is only one problem that IPv6 addresses. Better & smarter routing, security, etc etc. are all benefits that IPv6 was designed around.

Also, there are more addresses!

[Emil+Brink]

There are good reasons to move to IPv6, including security, multicasting, simplified header structures, and better routing to name a few.

Um, is this just an oversight, or is the poster so US-centered (s)he doesn't realize that one of the major reasons why IPv6 is interesting to us in that weird "foreign" part of the world is that is expands the address space?

I don't recall how large the US allocation of IPv4 addresses is, but I'm pretty sure it's at least 25% of the space, and that's being conservative. Since the US doesn't even have 1/16th of the population, that's obviously b0rken, and IPv6 is a more or less natural fix.

Now, I'm Swedish, and I'm sure we have enough IP addresses for our puny country, but the nations of Asia probably can't say the same. Thus, more interest in switching over sooner, and less in the US where there's no (or less) pressure from simply running out of addresses.

Re:Also, there are more addresses!

[TheSunborn]

It is something like 75% acording to a previous slashdot rant about IPv6

Re:Also, there are more addresses!

[Dr.+Manhattan]

...one of the major reasons why IPv6 is interesting to us in that weird "foreign" part of the world is that is expands the address space?

And it's really interesting in Asia, haven for spammers? Many sysadmins already block giant ranges of IPs from those countries from their mailservers today. With IPv6, the number will be exponentially vaster...

Re:Also, there are more addresses!

[Dielectric]

I consider the larger address space a bonus, but not really the primary reason to move to IPV6.

A vast section of the world's population doesn't even electricity, let alone an interest in TCP/IP. They'd rather have indoor plumbing than pr0n. Considering that, I don't think that the US having 25% is out of line. Now, China and the rest of the far east certainly will benefit from more addresses, but they're dealing with it through NAT, etc. The problem with NAT, though, is that it makes the internet lopsided, where more clients are sucking data, but it's relatively difficult to connect one-to-one. IPV6 will bring us back to a mesh network instead of the client-server model we've gotten ourselves into. The vastly improved routing options are going to help even out and thus speed up the bandwidth allocation worldwide.

I think a lot of people are forgetting the routing, security, etc features and focusing on address space. It's a side effect, not a goal, IMHO. We don't have to packet dive to route realtime-sensitive data with IPV6, instead there's a header tag for such things. That allows routers to use tables instead of processing every packet, speeding things up tremendously. It's so cool, but often overlooked.

Re:Also, there are more addresses!

I worked for Nortel Networks a few years ago - they have an entire class A subnet from the public part of the address space.

And this is not a company which supplies IP addresses to their customers (like ISP's), it is just for internal use! They have so many IP adresses that we used them in the laboratory for the devices we were developing! What a waste of addresses...

Re:Also, there are more addresses!

[k12linux]

The US portion of address space is probably considerably more than 25%. Look how many US companies or institutions have class A addresses.

Speaking of class A address assignments... How many of them actually need nearly 17 million Internet-addressable IPs? It's this type of waste (both in assignment and initial design) that is causing the real crunch in IPV4 space.

Re:Also, there are more addresses!

[chuckychesthair]

the myth about address shortage in Asia is long standing, but does not get truer the more people repeat it.

The RIR system makes sure everyone that needs addresses can get them (regardless of who has the legacy address space from when we used classes). So when Asia or Europe runs out, the US runs out as well. The only ones who have addresses left are the ones who have the old legacy classes and they are already slowly getting more and more pressure to give back unused networks.

IPv6 has more addresses, yes, but that is mostly on the end-user side of things. I can't wait to have more then 1 address that I can have visible from the outside world if I choose it to be so.

From an ISP perspective though, IPv6 is a bit of work (=money) with no current returns. Let's hope more people ask for it. Luckily, here in the Netherlands we already have 1 ADSL provider that can give a native IPv6 connection. With a /48, of course, so over 65000 subnets! Yay!

CC

So called "IPv8" is not IETF work.

[anti-NAT]

A few quotes from the follow up emails

write it off to loonies and sociopaths not taking their meds. - Randy Bush

"IPv8" is a joke. Unfortunately it is a joke that has gone on too long and is still wasting people's time. - Brian Carpenter

"The recent postings you have received, despite the use of the string "IPv8" and being posted to the IETF list, have nothing to do with this actual IPv8. Despite the use of the string "RFC" in these postings to the IETF list, they having nothing to do with any IETF RFC. The link you cite below is merely to an area with public comments, not an area with any sort of official output by NTIA. It is as though these postings were an effort to cause confusion. - Donald E. Eastlake 3rd

Visit his site here to make your own judgement - IPv8. The site seems to be having some problems, make sure you get the groovy soup can version.

IPv6 is going to last a long, long time, there is no need to spend time on "IPv8".

Re:IP6s problem is the numeric addresses r so comp

If you want a 128-bit address, then you need a 128-bit address. No way around it. Remembering an IPv4 address is a pain in the butt too. I can never remember a whole address, so i'll have to look back and forth several times to make sure I got it right. If that's the biggest problem with IPv6, I'll take it.

Two checkdigits wouldn't have hurt though.. At least you'd be more likely to get an "IP address wrong" error than, say, DDOS the wrong target ;-)

Re:IP6s problem is the numeric addresses r so comp

[Zathrus]

The same charges were leveled at IPv4 back when it came out -- it was considerably longer than was considered necessary (32-bits? That's way too much space!), it's a far bigger number than is convienently held in short-term memory, and yet, according to you, it's simple.

Funny how people adapt.

Between that and the mystic thing called "cut and paste" that's available on pretty much every platform known to man nowadays, this is a real non-issue.

Re:This is one area the US could get left behind..

Those benefits don't necessitate a switch of the entire Internet to IPv6. Only a severe problem, like IP exhaustion, would.

Multicast comment

[webhat]

Whether it is IPv4 or IPv6; multicast will not be useful until we stop building star shaped networks and build meshing network.

Besides from the added bonus of making the networks failover. (c;

I heard it last night...

...and I agree we must protect the sanctity of married packets. Even if it takes a constitutional amendment to every router's firmware.

Civil Rights Issue

[fadethepolice]

I think that switching to IPv6 is really a civil rights issue. The United Nations supports the "free and unfettered communication" of people as a basic civil right. There is no way a system where people have to pay for IP addresses can in any way be "free and unfettered". The switch should be done as quickly and smoothly as is possible to ensure that every individual who wants to express their views on the internet can do so. People should also be albe to get IPv6 addresses on demand. This is the best way IMO to ensure that free speech is protected. Imagine if you had to pay for you street address to receive mail.

Re:Civil Rights Issue

[k12linux]

There is no way a system where people have to pay for IP addresses can in any way be "free and unfettered".

Are you saying that ISPs won't try to charge for addresses after a switch to IPv6?

Re:Civil Rights Issue

[Mnemia]

If they do try, they will fail miserably. The lack of scarcity of addresses will destroy any central control of the address space. Without scarcity the commodity of IP addresses has no value. Basic economics there.

Re:Civil Rights Issue

You need a free IP address? Here, have one of mine:

10.5.26.33

100% free!

Viva la freedom!

Re:Civil Rights Issue

[Ride-My-Rocket]

Imagine if you had to pay for you street address to receive mail.

You do. It's called "rent" or "mortgage", depending on the type of contract you've entered into with your "housing provider".

Re:Civil Rights Issue

[k12linux]

If they do try, they will fail miserably. The lack of scarcity of addresses will destroy any central control of the address space.

However, lack of scarcity doesn't have a large affect in monopolistic situations. Charter Pipeline charges a monthly fee to provide you with a static IP address.

On the surface, it might appear that this is due to scarcity, however, this really isn't the case. I am using an IP address at all times. Whether it is a dynamic address or a static one is really irrelevant... I'm still tying up one address. That means that not assigning me a static address really doesn't aleviate scarcity at all.

In fact, if there is not an equivelent to NAT for IPv6 (I have no idea if there is or not) then it would be trivial for ISPs to charge per "device" connected to the Internet. While this isn't strictly a per-IP charge, it would be functionally equivelent.

Re:Civil Rights Issue

And if neither of those apply, there's always "property taxes".

Re:Civil Rights Issue

[amorsen]

If your ISP is being unreasonable about the number of IPv6-addresses they give you, you just borrow a bunch from someone who is close to you on the network. Sure the tunnelling will mean a few hops more when routing, but it won't be noticeable if you pick a good tunnel provider.

You can even do that if your ISP only provides a dynamic IPv4 address. Charging for IPv6 addresses is hopeless.

Re:IP6s problem is the numeric addresses r so comp

[lxs]

A 128 bit number converted to hexadecimal is NOT a pretty site and leaves a huge scope for typos and other cock-ups.

Correct me if I'm wrong, but I thought ipv6 was set up in a way that made DHCP almost compulsary, precisely because assigning IP adresses by hand gets difficult with 128 bits of address information.

Re: Virtually Infinite

Much of the vaunted improvement over IPv4 is attributable to the simple fact that IPv6 offers a virtually infinite number of Internet addresses - from approximately 200 million assignable IPv4 addresses to, it is claimed, countless trillions.

WTF is "virtually infinite?" Does that mean you'll virtually never run out?

Re:You're kidding, right?

When we want IPV6, we'll go IPV6. V4 is working fine for us now. For all those foreigners or whatever, what is wrong with NAT?

You are joking, right? IPv4 is getting about as useful as the 8.3 filenames, and NAT has its place, but it's not likely to allow for any real growth. Just imagine the bottlenecks when one branch of a NAT gets totally slashdotted!

Do you by any chance own a lot of stock in a company that claims it owns the internet?

Re:IP6s problem is the numeric addresses r so comp

Given the size of IPv6's address space, if you type in a random address you're far far more likely to get "Host not found" than you are to actually connect to anything.

Re:IP6s problem is the numeric addresses r so comp

[joaobranco]

Notice that most addresses (for PC-like devices, at least) will be autoconfigured.

You will have some sort of central daemon handing-out the prefixes to your net, and the device will concatenate that prefix with its own MAC address, and voila, you have a working IPv6 address. Its very easy for the end user (in fact, it is almost like a sub-set of DHCP "pre-configured").

Of course, there can be also a DHCP-like protocol to give the client other information (adresses for routers, proxys, etc.).

Re:IP6s problem is the numeric addresses r so comp

With ip4 its failry easy to set up a box yourself with dns, hosts file etc because of the simplicity of the numeric addresses.

Indeed, when I set up OpenBSD on our router, I just told it to use DHCP. Then I set it up to serve DHCP, and set up all the Windows boxes to use that. What does this have to do with the somplicity of the numeric addresses?

Re:This is one area the US could get left behind..

Can IPv6 do anything to halt spam and virus propogation that IPv4 cannot?
Surely, that would merit migration.

Re:IP6s problem is the numeric addresses r so comp

[Viol8]

Because its a damn site easier if you only got a few machines to spend 60 seconds entering 10.0.0.1 etc into a hosts file than setting up DHCP. With IP6 this will no longer be the case.

Re:IP6s problem is the numeric addresses r so comp

[sporty]

DNS is your friend.

Re:IP6s problem is the numeric addresses r so comp

[cynicalmoose]

Why can't we just start checksumming IP addresses. The number of guys who get IPv4 addresses wrong (even on my intranet - I tell them that the server sits at 10.1.0.1 and they type in 10.0.1.0 or something else) is amazing. And don't get me started on NAT

Re:IP6s problem is the numeric addresses r so comp

[Viol8]

"device will concatenate that prefix with its own MAC address"

Superb. And if you're not using ethernet what does it concatenate onto it then? Random numbers? Your CPUs serial number?

Re:IP6s problem is the numeric addresses r so comp

[Dielectric]

Well, by your post, you probably haven't grokked the true beauty of IPV6. There are a lot of mechanisms in place to address your issues. Host configuration will be done by querying an upstream router. The only people that really have to key in the huge hex addy are the root guys, maybe. Then they'll probably automate it or at least use cut-n-paste. But seriously, IPV6 is quite beautiful, and really has a lot of thought put into the headers and routing to make everything work seamlessly without massive amounts of configuration.

before we leap into IPv6...

[cantabrigian]

Sure, we all love the idea that IPv6 will empower nations that have not managed to accumulate so much address space, and we all love the idea that we may be able to provide corporations with a reasonable excuse not to deploy NAT boxes.

But, before we rush headlong into support of radical IPv6 transformation, we must consider some of the disadvantages. First, there are the costs of migration. Interoperability with IPv4 is an absolute must, lest we make the same mistake that ISO did when it proposed CLNP/CONP in the same breath. Fortunately for us, hardware developers have already seized the opportunity to build IPv6 into routers, and software developers have already integrated IPv6 into the core of popular operating systems such as Linux, Windows, *BSD, etc. But aren't there are some applications that will break if we migrate right away?

Anyway, perhaps that's not a big deal. I'd say the more serious issue is that fast route lookup is made considerably more difficult with the longer prefixes of IPv6. It is fundamentally harder to build switching technology into routers that can handle the longer prefixes and still preserve existing performance guarantees. So unless we don't mind slowing down the internet a bit, we may want to hang on to IPv4 a little longer. Perhaps there is something that ISPs can do such that they can switch IPv6 on shorter prefixes, but I have not yet seen any proposals...

Re:before we leap into IPv6...

Slower routing because of 128bit addresses?
You haven't read much about IPv6 have you? ;)

One of the main reasons behind switching to IPv6 is _faster_ routing.... because now when we have a whole new address space we can divide it up better to make sure one continent has a common prefix, then each country has a "subprefix" inside the continent prefix... this way the backbone routers can disregard alot of routes and just handle "continent routes"...

(I hope you understand what I mean... sorry for my bad english..)

There is one problem with IPv6 though that I've heard some hardware developers dislike that will effect speed... the dynamic IP header... Though this will most certainly not be a very big problem. //fatal

it's not *per se*

[RMH101]

...but it's limiting.
say you've 2 webservers behind NAT. you can't run them both on port 80 as the port forwarding has to go to one IP address or the other.
or if you have 2 apps that use an overlapping port range - big problems.
it just doesn't *scale* but for home use, sure, NAT does the job.

Re:it's not *per se*

[Bookwyrm]

say you've 2 webservers behind NAT. you can't run them both on port 80 as the port forwarding has to go to one IP address or the other. or if you have 2 apps that use an overlapping port range - big problems.

This problem almost has to get solved regardless for IPv6/IPv4 NAT, if you plan to have legacy IPv4 network devices interoperate with new IPv6 ones. This is probably the most interesting challenge to IPv6 deployment -- if people can solve the interoperability problems between IPv6 and IPv4 to encourage people to start to deploy IPv6 in an IPv4 based world, you solve the interoperability problems between IPv4 NAT'd networks... which would tend to give people even less reason to upgrade to IPv6.

Re:IP6s problem is the numeric addresses r so comp

[ASCII+GH0ST]

But im not DNS' friend...will *you* be my friend?

Another case of your rights violated

[rkuris]

I'm not sure what country you are from, but in order to get a street address and receive mail in the US, you usually DO have to pay. Usually it is bundled in a grading and excavation permit, and that can be as cheap as $100 or as much as several thousand, depending on what exactly you are putting at the address. Counties are free to make up their own pricing structure for this.

Re:IP6s problem is the numeric addresses r so comp

[Dielectric]

Funny, I set up dhcp in about the same time, and I've only got 5 machines on my network. I find it much easier when dealing with a dynamic IP assigned by my cable modem provider to have the changes propagate through via dhcp internally. I used to make hosts files and all that crap, but I've got better things to do. I don't even set the time on my boxen anymore, I use ntpd synced to Argonne National Labs.

Re:IP6s problem is the numeric addresses r so comp

[Just+Some+Guy]

Not DHCP - autoconfig. Your router broadcasts ("advertises") the network portion of its IPv6 address out its internal interfaces. Client hosts listen for these advertisements and use them to assign their own IPv6 address, typically (always?) by taking the advertised address and replacing the last 64 bits with the MAC address of the host's NIC.

Clear as mud? OK, here's an example. Say you've been assigned the 2001:1:2:3::/64 netblock. Your router will send that information out on all of its LAN interfaces. Suppose your workstation's NIC's MAC address is "05:04:03:02:01:00". When it hears the advertisement, it will assign itself an IPv6 address of "2001:1:2:3::504:302:100" [1] and a netmask of /64. Voila! It's configured and has a world-routable address.

[1] Actually, the format for the last 64 bits is slightly different - I don't recall the exact transformation function - but that's the gist of it. If you look at a host's autoconfigured address and it's MAC, you can see the correlation.

South Korea and Japan already way ahead

[blorg]

If? South Korea is number one in the world for broadband penetration, while in Japan, 10mbs is common and Yahoo recently launched a 26mbs service - for around $35/month.

Re:IP6s problem is the numeric addresses r so comp

Because all bits of an IP address are significant, so there aren't any to throw away on ECC. Since this stuff has to be routed at high speeds, there's no place to add additional bits that convey no new information. You could argue for checksumming in the human-readable addresses, but then you have to propose a standard address format divorced from the actual wire address, which causes headaches for implementors. Furthermore, adding a checksum would make the address even longer than it is now.

Re:IP6s problem is the numeric addresses r so comp

[k12linux]

That depends on if your typo is in the least or most significant part of the address space.

Re:IP6s problem is the numeric addresses r so comp

[addaon]

Sure, why not?

What are you using, if not ethernet, out of curiousity?

I despise IPv6 and I think it's horrid...

[NitroWolf]

Yes, that's right... I think IPv6 is a stupid, stupid move.

While the expanded address space is good, that is the only advantage I can see to IPv6. As a system admin, and one of the people responsible for moving my company to IPv6, I've taken a couple training courses on it, and I have found it wanting... alot.

From an end user standpoint, IPv6 is no big deal. I'm not worried about that. But from a sysadmin standpoint, IPv6 is going to be an utter troubleshooting nightmare. The biggest problem that immediately jumps out at you with IPv6 is the fact that individual addresses in a subnet have absolutely no relation to each other. So John in the cube next to me will have an entirely different address than I do, and it will have no relation to me. From a troubleshooting standpoint, it's just plain illogical.

I dread the day we have to officially switch over to IPv6, because keeping the lists of ip's in use on the network, then finding that list (have to *always* use search and find, as opposed to scrolling to the appropriate place on the list).. and if you mistype an hextet (since it's not an octet!), trying to track that down is going to be a nightmare.

I'm sure there's a lot I don't know about IPv6, but everything I've read on it, and everything I've experienced with it has proven it to be just plain stupid. Like I said, the expanded address space is nice, but it's a dumb protocol from an networking standpoint. There are plenty of things they could have done to make it better and easier to manage and I guess that's my major beef. IPv6 is a thousand times more difficult to manage for a large network than IPv4 is. You'd think managment should get easier, but it doesn't, and it just pisses me off.

I think we're going to have a lot of people suprised by how unwieldy IPv6 truely is, once they have to begin deployment... but by then, it will be too late.

What I think will eventually happen is the large backbone providers and large companies will deploy IPv6 externally, and internally (behind the corporate firewall, etc...) we'll see IPv6 networks on private subnets, just because they will be easier to manage. So I don't believe IPv6 will change much for the end user, and most of them will still be on IPv4 networks, with the encumbant problems we currently have.

Re:I despise IPv6 and I think it's horrid...

[farnz]

However, you have more subnets than ever before (unless you're already working at a place with a /16 or larger). I've not yet worked anywhere where you'd have more than 65,000 logical subnets per site; autoconfiguration should deal with the issue of tracking IPs in use in a subnet, since you only manage the /64 network number by hand.

For a large corporate network, you just firewall off connections to each network, then require that services you wish to expose have an extra address, which is opened up, and manually assigned, one address per service.

Re:I despise IPv6 and I think it's horrid...

[Alioth]

The biggest problem that immediately jumps out at you with IPv6 is the fact that individual addresses in a subnet have absolutely no relation to each other. So John in the cube next to me will have an entirely different address than I do, and it will have no relation to me.

I'm sorry, but that's unadulterated bullshit. There is absolutely nothing stopping you from assigning adjacent addresses, or using the phone number of the cube-owner, or any other addressing scheme you want for your IPv6 addressing scheme.

For simplicity, on my server network, I simply assigned 2001:470:1f01:109::1 for the first machine, 2001:470:1f01:109::2 for the second, all the way onto the sixth, which (predictably) is 2001:470:1f01:109::6. I could have quite easily used the MAC address instead if I wanted to. Or used 2001:470:1f01:109::dead:beef and 2001:470:1f01:109::baad:f00d if I really wanted. Or set part of the last 64 bits to be telephone numbers. Or...and the list goes on.

IPv6 doe NOT put any constraints on the way you assign addresses in a subnet.

How you manage your network is up to you. If you chose lame IPv6 allocations, that's your fault, not the protocol's fault.

Re:I despise IPv6 and I think it's horrid...

[NitroWolf]

I'm going to take your word for it, that you can easily and quickly do that. However, my training comes in the form of a SUN network... and with SUN, it's based on the MAC; thus you have no control over the actual address assigned.

I'm sure there *will be* ways to get Solaris to change the IPv6 address, according to the SUN provided training material and instructors, that's the "way it is"(tm).

I'm not saying it's right. I'm not saying it's set in stone, but according to SUN, that's the way it's done... and I think it's hideous. I really do hope you are right, and I can asssign consecutive address space to various machines, and my biggest beef with IPv6 will go out the window.

Yes, my experience with IPv6 is limited, but from everything I've experienced so far, it's a horrible, horrible experience.

Re:I despise IPv6 and I think it's horrid...

[gbjbaanb]

what you're really saying is that Sun's IPv6 implementation and tools are sadly lacking from a usability point of view. Shame on Sun.

I've no doubt, Sun thought that a 'GUID' per address was a good idea, and that no-one would ever want anything different... but you describe exactly why you *would* want somethign else.

Maybe its just that the tools for managing the addresses/network are poor.

(lol. maybe you should upgrade to Microsoft :)

Re:I despise IPv6 and I think it's horrid...

[Alioth]

Possibly the best thing you can do is set yourself up with a recent Linux system, and find a tunnel broker (such as he.net) and create a tunnel. You can assign IPv6 addresses with 'ifconfig' in exactly the same manner as an IPv4 address (just you need -A inet6 as an option). I know RedHat and Debian both understand IPv6, and you can put it in their standard config files.

Are you really sure you can't just supply the IPv6 address as an argument to Solaris's 'ifconfig' command?

Re:I despise IPv6 and I think it's horrid...

That's why vendor training is shite.

Re:I despise IPv6 and I think it's horrid...

[Wesley+Felter]

This isn't Sun-specific; the IETF recommends that people use stateless address autoconfiguration and that creates MAC-address-based IPv6 addresses.

That's right it actually works, right now

[rs79]

V8 was invented by one of the denizens of Bell labs and the guy who funded ihnp4, and actually works. Because he refuses to let ISOC copyright his stuff and has been burned by the various I* groups he is somewhat of a pariah. However v8 actually works today and interoperates with v4 and has for years and is already in the Microsoft, Linux and BSD stacks.

If you look at the "6 over 4" spec and the v8 spec you'll realize it's the same thing and was adopted several years back, they simlpy adopted v8 and changed the name, the addresssing is exactly the same - just look at the bits.

Whenever somebody says IPV8 isn't real or is a joke ask them to explain it to you - they can't. THe derision is for political, not technical reasons.

And bseides, haveing Randy Bush call you a sociopath means you're on the right track

Re:IP6s problem is the numeric addresses r so comp

[Viol8]

PPP via a serial link. Or theres SLIP. Or theres other forms of network card such as token ring. What makes you think every PC is connected to an ethernet network?

Re:IP6s problem is the numeric addresses r so comp

Eh, I'll wait until I'm plugged into an IPv6 net to judge whether or not it works beautifully, or just works. There being a difference, mainly in the amount of work necessary by someone, somewhere, to get it all up and running. I imagine the IPv4/IPv6 changeover will leave a lot of fubar'd network stack configurations for some time to come.

Global IPv6 Service launch event in Brussels

[Bluefirebird]

I'm happy to say that I attended that event and it was really great. The demonstration area was really amazing...
They had a HDSDI TV receiving a 270Mbps stream from Madrid (1.5Gbps uncompressed). Another great demo was the IPv6 over satellite from ESA (European Space Agency). They were streaming videos using the award winning Videolan.
There is still some way to go on IPv6 but the main problem is the lack of IPv6 link requests from users that makes the ISPs ignore IPv6 as an important issue.

The best thing of the event was one of the girls that was part of the organization!!! just amazing....

Re:Global IPv6 Service launch event in Brussels

[jguthrie]

Bluefirebird wrote:

There is still some way to go on IPv6 but the main problem is the lack of IPv6 link requests from users that makes the ISPs ignore IPv6 as an important issue.

This is why I can't take the IPV6 folks seriously. Demand for addresses comes from the leaves, not the root. So what if every backbone provider has native IPv6 routing throughout they're backbones? They're not the ones who use addresses by the ton!

I've got an IPv6 tunnel and addresses from a TLA, but I can't get native IPv6 access because neither the cable modem that I use nor the equipment it talks to upstream knows anything about IPv6. In fact, there is little, if any, end user WAN equipment that speaks IPv6 natively. Availability of that kind of equipment is necessary before a "global service launch" has any kind of meaning.

Re:Global IPv6 Service launch event in Brussels

[Bluefirebird]

In fact there are some ISPs with a full native IPv4/IPv6 dualstack and even IPv4 multicast on their backbone (ex: Surfnet.nl). The problem with the cablemodems and ADSL and stuff is true but that is why a tunnel connection is necessary to jump over IPv4 devices. Some ADSL providers like XS4all.nl provide a preconfigured tunnel connection over the ADSL connection. The used just has to login to their website and follow very simple instructions.
A tunner connection for the "last mile" is not such a bad thing. The problem is when you have to cross the internet to get to the tunnel endpoint.

Re:This is one area the US could get left behind..

Other countries (such as China) see IPv6 as a way to "equal the playing field" in addition to solving their "how do I get enough IPs for 1.2 billion people" problem.

China only needs one IP4 address, and a NAT gateway to the global internet, Comrade. Getting IPs for 1.2 billion people, is greedy capitalist way of thinking.

Re:IP6s problem is the numeric addresses r so comp

[Dielectric]

Not really. The vendors building the equipt for IPV6 are also building in translators to the IPV4 space. I'm talking Lucent, Cisco/Linksys, etc. They're doing the work, us little guys will reap the benefits, assuming the equipment even gets installed.

If you're really industrious, you could try it out with a bunch of Linux boxen on a network. Make your own IPV6 net at home! Be the first on your block and the envy of all your friends!

It's not

[rs79]

You just need to pick a 128 bit InterNAT address and the current criticisms about it go away. It's a lot more useful the the broken V6 will ever be.

Garfinkel article on Technoloy Review

[O0o0Oblubb!O0o0O]

There is another interesting article about this on Technology Review written by Simon Garfinkel which covers possible security risks of early IPv6 software routing as opposed to hardware routing as the technology becomes widely used. In addition to that, he predicts that p2p will actually increse due to the fact that NAT troubles disappear.

German version
English version (free registration, blabla)

Re:Garfinkel article on Technoloy Review

[CreatureComfort]

I always thought that the song "Bridge over troubled waters" was about network admin.

lame Simon & Garfunkel joke for you whippersnappers

Re:Garfinkel article on Technoloy Review

[Quill_28]

He also one of the authors to the UNIX-haters guide.

OS ready?

So when are we going to see operating systems that can run only with an IPV6 address and still talk to the internet? And still _work_?

The sysadmins on my site say that much of Solaris works with IPV6 but not all of it.

How is Linux doing with IPV6? Any issues?

Re:This is one area the US could get left behind..

The "Third World" of over 4 billion persons being the best example of your thesis?

Good point. Thanks! (n/t)

[Dlugar]

Dlugar

Re:IP6s problem is the numeric addresses r so comp

[Alioth]

Oh for heaven's sake, that's a pretty lame excuse.

I didn't find it particularly difficult to set my entire server network running with IPv6. DNS wasn't hard to set up (both forward and PTR). Routing was no more difficult than IPv4. My website is available over IPv6 and even the forum is IPv6 aware (including having an IPv6 whois).

Once it's set up in DNS, you seldom have to touch it again - that's what DNS is there for.

HowTo IPv6 for the Home

[maggard]

So, for those of us working from home, how do we take advantage of IPv6?

I've got two houses (different countries), each with a generic router/NAT box, cable modem service, and a coupla Mandrake, coupla WinXP, a MacOS 9, and a MacOS X box. Oh, and i the US a TiVo with Home Media Option. Also the sweetheart needs to boot into Win2K sometimes for work.

I'm willing to swap out the router/NAT boxes if someone can point to ones that supports IPv6. I've already installed IPv6 on the XP boxes, I'm told it's straightforward on MacOS X, I assume it's no biggie for Mandrake. MacOS 9 - I recall Apple making some noise about IPv6 for it years ago but it's not a deal-breaker for me.

The needs are the usual (web browsing/email/listening to streaming audio, etc.) plus I need some way of connecting the two houses so they appear on the same private network.

Any suggestions? Boxes to buy? I strongly prefer to use a consumer router/NAT box over a PC for my gateway but don't see any of them mentioning IPv6 support, anyone got a firmware retrofit? How about getting IPv6 IP#s assigned while inside my ISP's (cable company) IPv4 space, without a fixed IP there? Is there an IPv6-friendly dynamic DNS service out there?

Lotsa questions I know, but I bet lotsa folks would be willing to start getting experience at home if there were some "How-To-IPv6-for-the-Home" pages out there (I've looked, haven't found anything appropriate yet.)

Re:HowTo IPv6 for the Home

if you know cisco ios:

- buy two dual ethernet 1700 series routers off ebay
- get static ip addresses from both of your isps
- set up an IPSEC enrypted GRE tunnel between the sites

Re:HowTo IPv6 for the Home

[pHDNgell]

I've always built my own firewalls (it's easy, and I trust them), and since about 1995 or 1996, they've had IPv6 support.

I had a tunnel over my cable to the 6bone via http://www.freenet6.net/ ...but I recently shut my cable off so I need to bring it up over DSL, just haven't got around to it.

OS X configures up IPv6 by default, as far as I can tell. My router solicitations help, of course. I've got two IPv6 subnets (wired and wireless). All's well.

Re:HowTo IPv6 for the Home

[Wesley+Felter]

Ideally you would replace your NAT with one that can act as a 6to4 border router, but there aren't any of those yet.

You could run Teredo on your computers, but only Windows XP supports it AFAIK.

Re:This is one area the US could get left behind..

[the_mad_poster]

They do when they're not necessary. You think if everyone else wants to move to IPv6 and we stubbornly sit on our asses, they won't just walk right around us? They don't need us to keep the Internet moving, so, yes, they can most certainly leave us behind and I've little doubt they will.

Re:IP6s problem is the numeric addresses r so comp

[addaon]

Those are all valid, of course. But why do I get a sense you're dodging the question? What are you using that lacks a MAC address? The people who are most interested in IPv6 are the people most likely to be using the currently pervasive networking technology.

new era

get your copy of nmap and scan the products in your neighbour's refrigerator.

the new version of McAfee can protect your toaster from unwanted viruses.

Re:IP6s problem is the numeric addresses r so comp

Doh.... hard to remember the numbers?
Good thing that IPv6 includes stateless address autoconfiguration, so you don't have to touch shit on your client computers.

And doh^2 ... We have something called DNS for the rest...

ALL miss the point: IPsec

[johnjones]

ok

all I really want is IPsec

(and maybe MobileIP)

imagine that all your IP conections are secure !
screw that crap 802.11 security just let the router only allow IPsec connections and if you want to lock it down ask for the machines keys and only allow these

why is this so hard ?

IPsec is in all modern linux *BSD *ix MacOS and Win2k WinXP (win98 with download util)

really I have not seen a laptop with a OS that could not use IPsec

IPsec is manditory part of IPv6

why do these people miss the point ?

regards

John Jones

Re:ALL miss the point: IPsec

[WuphonsReach]

why is this so hard ?

I'll take a few stabs at answering that... (not a crypto person, just an amateur)

1) man-in-the-middle attack - in order to transmit the public key for encrypting the content (well, to encrypt a symetrical key which is then used to encrypt the content), you need to make sure that the key you get is actually the key for the entity that you're talking to. If the attacker in the middle can fool you into thinking that their public key is the proper one, everything you transmit is decrypted by the attacker who then chooses what to send on to the destination. MITM attacks are sorta what quantum-crypto is being designed for.

So you need a secure way of getting public keys for particular machines... why not use DNS? Well, that's what FreeS/WAN uses, except that there are issues with the security of DNS transactions that would allow MITM attacks.

Or you can use a PKI (kerberos) server to exchange keys, but PKI has the downside of being centralized (also issues with scaling of certificate-revocation-lists, etc.). Microsoft's OSs support kerberos, but do it in a not-quite-standard way IIRC.

2) Goverments will probably have fits once IPSec is widespread and their carnivore / echelon systems become useless. In fact, they'll probably outlaw it, or require easily-broken algorithms, or other restrictions. When encryption is outlawed, only criminals will have encryption... or some quote to that effect.

Re:ALL miss the point: IPsec

[Brushfireb]

Good notes, but you miss the fact that wireless networks have limited bandwidth. A WIFI network, even 802.11g, serving more than 50 VPNS will dry up quickly in terms of useable bandwidth. 802.11B is even worse.

In other words, VPN is great for low-density situations, but still sucks in big open spaces where there are lots of wifi users.

Which would you rather have, a secure connection that drops every 20 seconds becuase of oversaturation, or a insecure connection that you can SSH out of that holds connection? I think you get the picture.

Re:ALL miss the point: IPsec

[hitmark]

vpn and ipsec are not one and the same.

sure ipsec is a buildingblock for realysecure vpn but vpn is realy a ip signal inside another ip signal, only that the inner one is encrypted, and to do this you dont need ipsec...

ipsec works by adding a hash of the content and optionaly encrypting the content.

Irrelevant...

[Pii]

While your point is not without merit (I'm a fan of choosing a technology based on its applicability, rather than its relative coolness), this is a little deeper than some "golly-gee-whiz fancy IP addressing."

It's vital to Americans that the United States maintain it's lead as a technological innovator, because from a global economic perspective, what do we have left?

We don't really build anything here anymore. We have gotten out of the business or agriculture (We could, even now, provide enough food to end world hunger, but we don't.). Metaphorically, we are becoming a nation of gurus and burger flippers. We have people that can afford expensive cars, and people that wash them.

Our niche lies in development. If we are no longer the leader in that space, then the United States will be doomed to global mediocrity.

Domestically, we already have a kind of class warfare between the "Haves" and the "Have nots" (I don't particularly subscribe to that... It's closer to "Haves" and "Have laters." Even poor Americans have televisions and refridgerators.). Having enjoyed a prosperous history, America as a nation could not stomache becoming a nation of "Have nots."

IPv6 is coming... In some places, it's already arrived. In others, it'll be there Real Soon Now. It needs to find it's way here, and the sooner the better, for three reasons:

• It's inevitable...
• The US would be wise to stay on the cutting edge of technology from a global economic perspective...
• The longer we delay, the greater the difficulty in making the transition.

Making the switch today would be traumatic, because there are a lot of devices that need to be upgraded, modified, or otherwise reconfigured.

Further delay will only mean that there are even more devices that will need to be changed in the future. The Internet continues to grow explosively.

A conversion to IPv6 now would result in far less duplication of effort later.

Re:Irrelevant...

Have and have nots? What does this have to do with IPv6?

IPv6 is not "cool new technology". It is a committee-created standard with no upgrade path.

Why is IPv6 inevitable? Because it's new? I have an IPv4 address already. So do millions of other people. Why will we switch? Why will our ISPs switch? Why will Google and eBay and Amazon switch?

It doesn't matter if the US is on the cutting edge or not. We are large enough to set the standard for everybody else.

We don't have to delay to make an IPv4->6 transition difficult. It is nearly impossible *today*.

Re:Irrelevant...

[Pii]

The parent wondered "what's in it for us" to upgrade, or if "the US is falling behind" was a good enough reason to do so...

I answered his question.

No doubt the transition, if undertaken today, would be a long difficult process.

Just the same, putting it off until later will only make it that much longer and more difficult.

IPv6 is inevitable because it's being adopted by some already... IPv4 has shortcomings, biggest of which are a nearly exhausted address space.

These emerging IPv6 savvy nations are going to be able to do things with their network infrastructures that we will be unable to do. As these applications and uses emerge and develop, American consumers will want to be able to make use of them as well, but we'll be hamstrung by our IPv4 infrastructure, and dependance upon NAT.

Ultimately, consumer demand will probably be the driving force behind the upgrade.

Do you seriously doubt that at some point in the future, we'll all be running IPv6? Get your head out of the sand.

Re:Irrelevant...

[dbIII]

Further delay will only mean that there are even more devices that will need to be changed in the future. The Internet continues to grow explosively.

A conversion to IPv6 now would result in far less duplication of effort later.

Will the USA go to IPv6? Will it go to metric measurements? These two questions are related, while the US was deliberating about going metric it became too late to change easily. If the rest of the world is using IPv6 the USA will not necessarily follow.

Google have more hosts than the entire internet had a decade ago - the net is getting bigger and there will be no easier time to change over in the future.

Re:Irrelevant...

[jroysdon]

I agree with you specifically for the reason of not falling behind. I especially liked the "Have laters" reference in regards to class warfare in the US.

My reason for posting though was to point to a perfect case in point to me (of course I cannot find right now). It was regarding the OSS Squid Proxy which still doesn't have mainline IPv6 support. Yeah, you can get patches for it, but the core developers don't know IPv6, don't have IPv6 connections, and don't (at present) see any need to learn or pursue making it work with IPv6. It'll happen eventually, there will be the need when IPv6 reaches critical mass, or one of the core developers will integrate the patches into the mainline code, but until that point, the project stands to risk being superceeded by another project that might integrate IPv6 sooner and just at the time of critical mass (which will happen in Asia and Europe way before we have the Teir 1 ISPs moving on it in the US).

The next 1-2 years are really going to be key for early adopters of IPv6, IMHO. Even Cisco, who is touted to have had IPv6 support back in 2001 really didn't have it in mainline code for their non-ISP-class hugely-espensive routers until early 2003. Guess why they jumped in the ball? All these little start-up router companies in Japan were touting IPv6 support and Cisco was losing sales.

Did you know that even Windows XP doesn't have full-blown IPv6 support? Try to run it without an IPv4 DNS server, it won't work (and who can possibly remember an IPv6 address, heh). It lists the well-known DNS servers, but they don't work even if you have servers listening for those addresses (as is documented by Microsoft):
fec0:0:0:ffff::1
fec0:0:0:ffff::2
f ec0:0:0:ffff::3

Windows 2003 server is the first version to fully support an IPv6-only network. While we're not ready for that anytime soon, it just shows a short-sightedness, IMHO, on US vendors, and where I believe we're going to lose our edge if we keep it up.

Being pro-OSS, I don't mind it as much as Linux has had full-block IPv6 support since the 2.2 kernel days.

Re:This another area the US could get left behind.

[StrawberryFrog]

The US is already way behind Europe and Asia in mobile phones - coverage, market penetration and standards.

Re:IP6s problem is the numeric addresses r so comp

[31415926535897]

The same charges were leveled at IPv4 back when it came out -- it was considerably longer than was considered necessary (32-bits? That's way too much space!), it's a far bigger number than is convienently held in short-term memory, and yet, according to you, it's simple.
Funny how people adapt.
Between that and the mystic thing called "cut and paste" that's available on pretty much every platform known to man nowadays, this is a real non-issue.

Sure, people will adapt, but consider this. When I was in college I had 5 computers connected to the internet each with their own IP address (different locations - vastly different IPs) and I was able to memorize them all. For one of them I was using a public DNS system that crapped out all the time, so when my domain name was down, it was convenient to have the IP memorized. Try memorizing 1 IPv6 address. I'm not saying it's impossible, but it takes a ton of effort where glancing at one IPv4 address is enough to get it memorized.

Don't get me wrong, I am looking forward to IPv6 (I really dislike having to use NAT at home, though I don't have a choice at work since we're firewalled up the wazoo), but for the human mind this is going to be a huge jump, and you can't cut-and-paste all the time, not when you're on a foreign system trying to remember how to access your home computer and DNS isn't working or set up for it.

ISP's still charge for extra IP's?

I bet the ISP's will still charge for extra IP numbers. It's too easy of a revenue source to pass up. It costs them next to nothing to set up, and with anywhere from a $5 to $15 a month extra charge, it is a great moneymaker.

Re:ISP's still charge for extra IP's?

[kd3bj]

You know nothing about how ISP's make money if you think selling IP addresses is a "great money maker" or that they "cost next to nothing to set up".

I run an ISP, and if IPV6 actually worked, I would give away IP addresses for free to customers. No question.

Re:ISP's still charge for extra IP's?

[amorsen]

You can have some billion IP's from me for free. Actually way more than that, I'm not stingy. If that's not enough there are lots and lots of tunnel providers out there.

Oh, yes?

[cardpuncher]

If it's so beneficial and necessary, why is it not more widely deployed more than 10 years on?

According to Connexion by Boeing, the average home contains 250 devices that someday could be connected to the Internet via IPv6

If anyone was mad enough to allow their devices to connect directly to a public network so that their neighbours can use their phone, pop up their toaster and mismanage their digital rights, then IPv6 might be just the tool!

Interestingly, the 3G phone provider in the UK appears presently to be ensuring that its standards-mandated IPv6 network of handsets doesn't connect directly to the internet, possibly so it can control the services (and hence revenues) that are available.

Addresses

[gunnmjk]

I have enough issues with typing 127.0.0.1 Are they going to make me start typing 0000::000000:ff0000:00000:f00000 now?

Re:Addresses

[rayrob]

No, the IPv6 loopback address is simply ::1

Re:Addresses

[gunnmjk]

...I stand corrected. Thanks. But what about addresses that one would type into say KDX or Carracho. Are those going to be super long? And in MacOS, the colon can't be used in filenames because of hierarchy structure of the system. I wonder what will become with that.

Re:This is one area the US could get left behind..

[eric76]

If we had been on IPv6, it would have taken the Code Red worm years, decades, or maybe even centuries to find the first vulnerable Microsoft IIS web server to infect.

Switching to IPv6 would just about halt any scanning of large blocks of IP addresses for vulnerable computers.

Re:IP6s problem is the numeric addresses r so comp

[Pii]

It's doesn't really matter...

Remember that a MAC address need only be unique on a given subnet.

In a point-to-point connection, the PPP interface could use the same MAC address as the host's Ethernet card, and the two resulting IPv6 addresses would be differentiated by the different network addresses.

In a device that had no ethernet adapter, like a mobile phone, a hardware address could be generated from any uniqueness of the device, such as a serial number, or it could simply have a hardware address built into it's firmware (much like Wi-Fi cards do today).

Even forgoing that, if the two devices connected via a point-to-point connection choose random hardware addresses, the odds of them choosing the same one are simply astronomical.

In the unlikely event that they did, there could simply be a mechanism where they each backed off, and recomputed a new one.

The more likely scenario, like in the case of a dial-up ISP connection, would be that the head-end would be configured as the auto-conf device, and the calling side would simply have to choose an address that was different from the head-end, or that the head-end would simply assign the remote side an address, a la DHCP, much like today.

In a WAN scenario, the network engineers would probably be assigning the addresses at both ends of a serial link by hand anyway.

Tunneling

[Detritus]

Initially, I think what is needed is a cheap home IPv6 router that will automatically tunnel over the cable/DSL IPv4 network to a IPv6 gateway, run by another party. The cable/DSL operators may not like it, as many prohibit VPNs on their current networks. A ban may not be very enforceable.

This echos the early days of the Internet, where IPv4 was layered on top of DECnet, SNA, X.25 and other protocols.

I wouldn't expect to see IPv6 in a firmware update. You will probably have to buy a new box to get IPv6 support.

The interesting thing will be the reaction of the mass-market ISPs, especially cable operators, who tend to view their residential customers as peons down on the farm.

NIST TODAY is seeking comments on IPv6

If you have an opinion on IPv6, why not let NIST know, in addition to posting on Slashdot?

Go to http://www.access.gpo.gov/su_docs/aces/fr-cont.htm l, the table of contents for today'a Federal Register. Scroll down to the listing for NIST, the National Institute of Standards and Technology. There are both text and .pdf links there to NIST's "Request for Comments on Deployment of Internet Protocol, Version 6," which was posted by NIST today in the Federal Register. Comments are due to NIST before March 8, 2004.

Re:IP6s problem is the numeric addresses r so comp

[khafre]

The last 64 bits of an IPv6 address is usually a format called EUI-64. Actually slightly modified EUI-64 in that IPv6 complements the Universal/Local bit. You take your 48-bit MAC address (EUI-48) and split it in half. Insert 'FFFE' between the two halves. Then complement the next to the least significant bit in the first octet. So, to use your example, if your MAC address was 05-04-03-02-01-00 (which it could not be since this is a multicast MAC address), and your link prefix was 2001:1:2:3::/64, your autoconfigured address would be 2001:1:2:3:704:3FF:FE02:100.

Posting via IPv6

[elrond1999]

I've got my own little ipv6 /64 subnet running here :)

Not much to do with it but if I really want to I can post to Slashdot.org via www.sixxs.org.

Slashdot via ipv6

How do I sign up?

[dynamo]

Ok, my os (MacOS 10.3.2), a lot of my software, and my personal philosophy all support IPv6. Where are the publicly accessable routers? Where do I write to get an IP block assigned to me? I'm not going to hold my breath waiting for my cable company or workplace to start passing out longer IPs, the majority of the users probably have trouble with it as it is. But there has GOT to be some free service provider (ala DynDNS) passing out v6 addresses or at least agreeing to route to me if I give them my hardware assigned one and a v4 routing path.. I don't know all the details of the protocol but I doubt they would have missed the opportunity to turn all those NAT-like addresses into real, routable ones. Help!!

Re:How do I sign up?

If you have a single static IPv4 address, look up 6to4, and you already have an entire /48 network (2^80 hosts) to play with (2^16 /64 networks if you like). All routing into your /48 goes through your static IPv4 address, where you could also host your DNS.

Alternatively, tunnel brokers provide single /64's to interested parties.

All this talk about IPV6

I saw we go back to good old, reliable, IPX. Yes, IPX - the successor to XNS. IPX is a great protocol, it's fast and zippy, easily understood, and doesnt have all that crappy overhead of IP.
I can't beleive IPX was surpassed by TCP/IP. If as much effort was poured into IPX as was IP, the world would be a better place.

I give AT&T/NOVELL kudos for boldly deploying a global IPX "Internet" back in 1992. I was sad to see it disappear.

Re:I'M SO COOL

I'm Ashton Kutcher, and I pranked him... in the head!

With a crowbar!

I'm *awesome*!

IPv6 is dying

[tundog]

Anyone who thinks IPv6 has even the slighest chance of hitting mainstream needs a serious reality check. While the current trend may be an increasing number of nodes on the net, there is also another hugely popular phenomenon that is countering that trend - namely our friend NAT.

The purely peer-to-peer internet that IPv6 was desined for is a thing of the past. Problems that IPv6 handles at the network layer are being handled at the applicaiton layer. Not only does NAT resolve scarcity issues with respect to address space, but the multi-cast message distribution is also being handled at the app-layer by the trend to make use of publish and subscribe mechansims.

Remember the 'Network Computer' of the mid-90's? I did the IPv6 port for the DEC Shark prototype.

Multicasting?

[Alomex]

There are good reasons to move to IPv6, including ... multicasting

Like there are tons of people multicasting out there. There are hundreds of papers every year on it, but not many actual users. To paraphrase, the most common implementation platform for multicast is powerpoint.

and better routing to name a few.

Haven't heard of this one. Care to explain?

Re:Multicasting?

[Mnemia]

Maybe the reason for this is that current multicast sucks. If we have a truly globally routable network where everything has an address it won't suck so much any more.

Re:Multicasting?

[Alomex]

Could be, or it also could be that on-demand multimedia is much more convenient than multicast.

Re:Multicasting?

[MikeBabcock]

Multicast works wonderfully, except that ISPs often decide to not route it, which is the main problem. If your ISP supports it, and its upstreams allow it, you're fine for the most part. However, if its just blocked (like port 25 half the time now), you won't get through.

ISPs don't like how multicast splits streams into multiple streams at their border routers for multiple customers to receive data; its difficult to charge appropriately for bandwidth usage.

Re:Multicasting?

[amorsen]

Or maybe the reason is that multicasting is fundamentally unworkable. A router supporting multicast needs to keep track of where to send packets belonging to each multicast group. And there would be as many multicast groups as there are people transmitting radio or video... Perhaps a few hundred thousand stations? Plus the streaming webcams that would appear instantly, a few million perhaps. The number of multicast groups gets way out of hand.

Multicast is intelligence in the routers. The solution is intelligence in the edges - machines should pass the packets on to the next radio listener, and so on. That would scale, since machines are fast, and the few people who want to listen to a hundred thousand radio channels at once probably have a pretty good internet connection and some decent hardware.

Re:IP6s problem is the numeric addresses r so comp

[Pii]

Token ring has a MAC address too...

Another point that I failed to mention in my other reply is that in a point-to-point connection, a hardware layer address is completely unessesary.

It's only required for a multi-access medium. It's required there because all stations on the medium will see every frame that's transmitted (and every packet contained in those frames). The destination hardware address in the frame header let's the recipient station know "Hey, this one is for Me!"

In a point-to-point connection, every frame coming across the link is destined for the recipient station, lest it would not have been routed that way. If the receiver happens to be a router, he still needs to accept the frame, and then determine what to do with the packet based on it's destination IP address (Be it IPv4, or IPv6).

In a frame-relay network, the same thing occurs, and the frames are directed toward a specific end-point by PVCs, which are desribed to the sending station as DLCIs.

Your point is moot... Carry on.

Re:IP6s problem is the numeric addresses r so comp

[Just+Some+Guy]

Ahh, cool. Thanks for the clarification! Out of curiosity, what's the point of complementing that bit? I found the IEEE explanation of EUI-64, but it's a little information-dense for someone not up on their terminology.

Moving to IPv6

[lpz]

IPv6 has only one compelling advantage over IPv4: larger address space. It is marginally useful to have a 24 bit flow ID, and it is esthetically pleasing to have extension headers. All of the other "advantages" don't exist. All the other additional functionality has been ported to IPv4a (e.g. IPSec). There are also a couple of compelling disadvantages: 1. new code=new bugs. The IP stacks of most devices have been pretty well shaken out, so we will have to go through some pain getting the new bugs found and fixed. 2. More overhead. For most applications, this isn't a problem, but for some, it is. In most cases, it either doesn't matter, or header compression can be used to solve the problem. The abortive attempt to switch to ISO networking protocols has made cynics of much of the networking world. However, it will eventually happen, if only because Asia has to migrate due to the lack of IP addresses available to them. Keith Moore's comments, referenced in another post, are all true, but the time where we are going to need so many devices is still in the future.

Re:This is one area the US could get left behind..

[tundog]

Nonesense. While IPv6 was noble concept, it's outlived it's usefulness. The days of network layer modifications are over. Everything is handled at the application layer these days. Back when IPv6 was conceived, it was conceivable that you could 'change' the internet. Those days are gone.

See this

Re:This is one area the US could get left behind..

[jav1231]

I disagree. New technology brings new exploits and/or means to exploit. It's a myth to think exploits are going to hit a ceiling. As a given hacker's understanding of a given protocol or technology increases so will the chance of him cracking it somehow. While Code Red in its current incarnation may have been stimied, it is far more likely that a new "Code Red" would be implemented. In the short term, obscurity would be on your side but the more pervasive a technology the more likely it will be targetted.

Re:This another area the US could get left behind.

[espo812]

The US is already way behind Europe and Asia in mobile phones - coverage, market penetration and standards.

The US population is also much less dense than that of most of Europe and Asia.

Asian Pacific rim has been using IPv6 for YEARS!

Vendors other than Cisco have been shipping fully fleshed out and functional IPv6 for years to Asian Pacific rim countrys and Europe.

Look at networks in Japan that have been running IPv6 networks FOR YEARS NOW!

IPv6 is nothing new outside the US.

The US is probably 4-6 years behind already, thats probably why the DoD decided to light a fire under the US technical community.

Juniper and other router vendors have been shipping fully functional dual stack IP in their base OS's for several years.

Nothing new here, move along, move along...

somebody else beat me to my own post...

[keithmoore]

guess I need to check /. more often...

Re:This another area the US could get left behind.

[Greedo]

I assume you meant to say "The US is less densely populated than Europe and Asia".

Otherwise, I'd beg to differ.

Re:This is one area the US could get left behind..

*laff*

"Left Behind"?

You mean now America won't be able to access those awesome Chinese web sites? Oh no!

Please.

IPv6-only in America (and therefore the rest of the world) is a fantasy that will never happen. Let China NAT themselves behind one IP, what do we care?

Notice I said IPv6-ONLY.. if we keep any IPv4 around then IPv6 is a pointless excercise. (Think before you say: "but, we can TUNNEL! And get all the benefits of IPv6!").

Nonsense. Where's the Argument Here?

After all that typing, you're only argument with ipv6 addresses is that the addresses can be mistyped and adjacent machines may not have consecutive addresses? What kind of argument is that? Where's the administrative burden?

For everyone else, here's the real dope.

Once you receive an address space allocation, all of the machines on your main subnet have the same initial sequence. If you can't remember the subnet, write it down. You'll use it everyday. Secondly, from that point, you can allocate numbers in any manner you see fit. If you want consecutive addresses, you can do that. If you want to create additional subnets for routing and firewalling purposes you can do that. But rather than being stuck with only 254 possible values per class C, you've got (4 billion * 4 billion) values to work with.

A quick example for those new to the game. You've been allocated the following subnet:

SUBNET: 2001:1234:5678:9abc

If your original computers were numbered sequentially, do the same here.

10.0.0.1 -> 2001:1234:5678:9abc::1
10.0.0.2 -> 2001:1234:5678:9abc::2
10.0.0.252 -> 2001:1234:5678:9abc::252 <- use packed decimal if you want, it's your network.
10.0.0.253 -> 2001:1234:5678:9abc::fd <- or use hex, you've got ample space.

Now, here's something you couldn't do with IPV4 because there wasn't enough space on your company's class C network: sensible subnetting.

dmz -> ::1:0, ::1:1, ::1:2, ::1:3, ...
servers -> ::2:0, ::2:1, ::2:2, ...
developers_north -> ::3:0, ...
developers_south -> ::4:0, ...
marketing -> ::5:0, ...

Every group can have their own subnet leaving administration of those subnets to other people. Dan in development may get ::4:1234 and Mary in marketing gets ::5:cdef. You allocate them, so you have control. You can also delegate control as much as necessary and you get 64 bits worth of address to do it in.

From an administrative point of view, there's really not much to complain about.

-AC

#1 Reason to Move to IPv6

[cymen]

There are good reasons to move to IPv6, including security, multicasting, simplified header structures, and better routing to name a few.

And the number one reason to move to IPv6 is so we can stop having so many stories about it here! Please, for the love of all that is good, we must adopt IPv6 before slashdot is buried beneath a tsunami of IPv6 stories.

Re:This is one area the US could get left behind..

[ClioCJS]

With multicasting, I bet a worm could spread through an IPv6 network much faster than an IPv4 network.

Are You Sure You're Not Talking About LinkLocal?

LinkLocal addresses begin with fe80 and contain the mac address in the lower portion. This is generally not the IPv6 address you should be dealing with from an administrative point of view. All addresses that would interest you must be assigned to the interfaces manually, just like IPv4. DHCP is also available for IPv6 if you don't want to configure them by hand.

IP6s problem is much deeper than that.

[Bob_Robertson]

If the only change were to increase the addressing to 128 bits, that would be wonderful.

The benefits of unique addressing every device exist, as do the benefits of NAT. It would be nice to have the choice of where to apply each of those techniques instead of being shoe-horned into NAT by necessity.

There is no technical reason not to use the period, our good friend ".", to act as a separator just the way that "." does now. I've seen lots of uses of the decimal representation of the 32 bit IPv4 addressing, especially in spam as an obfuscation method, like "http://2349879177/vi@gara/porn.cgi"

There is, however, no other benefit of IPv6. People can yell "better routing" all day long, it doesn't make it so. Routing tables are not improved by being made larger. All it means is greater and greater functionality required of the networking hardware, which means just more and more ways for the network itself to fail.

Several people have asserted that IPv6 fixes the "problems" of IPv4. The cure is worse than the disease.

I have a challange for supporters of IPv6: Leaving out the increase in addressable space, what is being "fixed" that simply leaving it out of the specification wouldn't solve?

Bob-

Re:IP6s problem is much deeper than that.

[Wesley+Felter]

People can yell "better routing" all day long, it doesn't make it so. Routing tables are not improved by being made larger. All it means is greater and greater functionality required of the networking hardware, which means just more and more ways for the network itself to fail.

IPv6 routing tables are much smaller because the address allocations are being done in a much more efficient manner. Also, IPv6 is simpler to route than IPv4, because header processing was simplified.

Re:IP6s problem is much deeper than that.

[Bob_Robertson]

IPv6 routing tables are much smaller because the address allocations are being done in a much more efficient manner.

Good. That has nothing to do with the protocol, however, that is simply the result of having an opportunity to "do it all over again" with present day conditions. The same would happen with IPv4 if the IANA were to completely reallocate. I agree it's a real benefit, but IPv6 is not the source of this benefit.

Also, IPv6 is simpler to route than IPv4, because header processing was simplified.

Interesting. What header? All but the first and last router don't care about anything but the source and destination address, and most times not about the source address at all. So what else is there to simplify?

I repeat my statement about "leaving it out", which seems to be what you are saying. Elimination of UDP, for instance, is done by leaving it out, and would simplify.

Bob-

Re:IP6s problem is much deeper than that.

[Wesley+Felter]

What header? All but the first and last router don't care about anything but the source and destination address, and most times not about the source address at all. So what else is there to simplify?

You're ignoring header checksums and fragmentation.

Yes, a lot of IPv4 features were simply taken out of IPv6, but that doesn't make IPv6 unnecessary. Taking a feature out of IPv4 would result in something that's not compatible with IPv4, thus you'd have to give it a new name and upgrade all the equipment. So why not increase the address size while we're at it and call the result IPv6?

Re:IP6s problem is much deeper than that.

[Bob_Robertson]

Maybe you didn't actually read my argument. I believe that increasing the address space and simplifying the protocol, rather than adding things like QoS, is exactly what should happen.

It is the additional crud that I disagree with. Smart hosts and relatively stupid (reliable!) network hardware is the way to go, not the other way around.

So what, exactly, do you disagree with me about?

Bob-

"unfortunately the rest of the world does"

[rs79]

Not ALL the rest of the world. One cannot deny the abarasive personality of it's creator if you're on his bad side (I'm not) but that is true of many things. Look at DJBDNS, if you're on the wrong side of Dan (I'm not) he comes off asa jerk, yet his code, I posit, is among the best, if not the best C code I've ever seen. One certainly cannot argue the performance merits of his software compared to bind by any metric.

"IPV8 may be the answer to everything, but keep in mind the net is about consensus, not truth. Never confuse consensus with truth" - Brian Reid

Re:"unfortunately the rest of the world does"

[Zeinfeld]

Not ALL the rest of the world. One cannot deny the abarasive personality of it's creator if you're on his bad side (I'm not) but that is true of many things. Look at DJBDNS, if you're on the wrong side of Dan (I'm not) he comes off asa jerk, yet his code, I posit, is among the best, if not the best C code I've ever seen. One certainly cannot argue the performance merits of his software compared to bind by any metric.

Dan is the author of one of the two IPv8 proposals. He is certainly not a crank, nor generally considered as such, but the other guy is. Particularly when he started to propose IPv16 which compresses 16 bytes into 4.

But yes, even though DJB is not a crank, he is a jerk and he has the political sense of a wet sock and a mud brick combined. He does himself no favors by running a C/R system on all his incomming email with a particularly arrogant message 'Proff Bernstein far too important to talk to a mere peon like you' and refusing to whitelist anyone but people he thinks are super important. Effect is that he basically ends up telling the world that he thinks that they are complete nobodies when they try to contact him.

So even though he is not a crank he does get treated like one and it is his own fault.

Re:This is one area the US could get left behind..

[tiger99]

Of course it will not happen unless Bill can get the code from BSD or somewhere, like the last time..... Or, maybe a lazy programmer will copy the protocol stack from Linux, or even SCO. Now that would be interesting!

But, I confidently predict that it will be at most weeks, certainly not years, before a worm or virus brings down IIS running IPv6. IIS has more holes than code....

uhh...

[ShadowRage]

actually, you can tunnel back and forth (there's ipv6tov4 and ipv4 to ipv6)

www.freenet6.net

It's all about the spam

[WillASeattle]

If we all moved to IPv6, spam would be easy to trace and stop, so it will never happen so long as politicians and telcos make tons of money from spam houses.

Why not v7?

[rs79]

If you look way back there were various verions of ip, 7 and 8 were spec'd out long ago and dropped. The "new V8" is a result of extending Postels early Catanet work, and bears no relationship to the earlier V8 which was abaondoned.

Can we still NAT if we want to?

[uncitizen]

While hardly a complete security measure, can we still use NAT under IPv6? Nothing personal, but even with a firewall and proxy, I NEVER EVER want to give machines, on my private LAN, which have NO need to be accessed from the outside world, a public IP.

Re:Can we still NAT if we want to?

[Wesley+Felter]

Sure, you can stick your head in the sand if you want to.

Re:Can we still NAT if we want to?

[j+h+woodyatt]

With IPv6, there is no such thing as a "private" address. However, there are two reasonable ways for you to get what you want:

1) Use addresses from the global realm and just don't publish a route to them on the Internet. No route = no forwarding path = your private hosts are unreachable.

2) Don't connect your private LAN to the Internet-- use link-local addresses instead.

If you really want to use a NAT, you'll probably have to write your own... there's really no good earthly reason to use one (except in the special case of NAT-PT, which is a transition mechanism for translating between IPv6 and IPv4) .

Re:IP6s problem is the numeric addresses r so comp

[imroy]

A 128 bit number converted to hexadecimal is NOT a pretty site and leaves a huge scope for typos and other cock-ups.

Oh the irony.

Re:IP6s problem is the numeric addresses r so comp

[farnz]

This is a nitpick/rant, so feel free to ignore me.

What's the point in having two different DNS names for the same service? If your website is identical over IPv6 and IPv4 (and it should be), simply give www.alioth.net two different address records (AAAA and A), and allow the client to choose its preferred protocol automatically. Don't force me to enter a different URL.

Re:IP6s problem is the numeric addresses r so comp

[3.1415926535]

Here's where your logic breaks down: The only addresses that are going to be really complex are the ones that are auto-generated, which you won't need to type. Suppose you have a prefix of, say, 2001:f4c:2a5::/48. 2001 is a pretty easy number to remember, and f4c:2a5 is the same number of bits as an IPv4 address. Just tack on other easy to remember numbers and you're set:

2001:f4c:2a5::1 for the gateway,
2001:f4c:2a5:1::/64 for the first subnet,
etc.

It's really not hard.

Re:IP6s problem is the numeric addresses r so comp

[Aphax]

I think you're exaggerating a bit there, IPv6 addresses are quite flexible in their notation. For example if you get a /48 it could be shortened to 2001:888:145d::1, 2001:888:145d::2 and so on. Perhaps in very large complex corporate networks you would actually have to type out all the blocks but then again you would probably use autoconfiguration of IP addresses which is taken care of in the IPv6 specs. It's just something you have to get used too. We're probably going to depend on DNS a bit more.

Re:This another area the US could get left behind.

[AuMatar]

There's a huge difference. IPv6 is something we have to do, to stay in contact witht he rest of the world once they move there. Mobile phones? Noone cares, penetration isn't higher because the market sin't there- the people who still don't have them (like me) don't want them.

It's a ruse!

[Dukael_Mikakis]

America's not really considering switching to IPv6. We just want places like China, Korea, and Russia to switch to IPv6, and then we can filter SPAM that much more easily. Just block all mail from xxx.xxx.xxx.xxx.xxx.xxx ... which would work great, unless you want email from somebody in China.

Availability of small scale hardware

Sure Cisco makes enormous routers with IPv6 capabilities. But who makes an IPv6-enabled DSL modem?

As an ISP we would dearly like to go IPv6 across our network, but it's hard to find an IPv6 replacement for the $20 DSL modems we supply to our customers today.

And of course, we will need legacy IPv4 support for all the Win9x boxes out there.

Re:IP6s problem is the numeric addresses r so comp

[Alioth]

Mainly because I've only just set up a permanent IPv6 presence and I need to spend some time playing with it. It's a learning experience.

Re:IP6s problem is the numeric addresses r so comp

[farnz]

Fair enough; if it's an experimental/at-risk service, then a new name makes sense. It's just that the nice IPv6 people went to all the effort of ensuring that it played nicely in DNS with IPv4 only clients, and I'm used to PHBs who believe that because it's new, it can't share a DNS name with an IPv4 node.

Re:IP6s problem is the numeric addresses r so comp

Out of curiosity, what's the point of complementing that bit?

To make manually-configured addresses shorter. For example, the router's address is normally prefix::1 (the EUI-64 part is ::1, which is not global). Without the inversion it would be something like prefix:2:0:0:1.

Re:IP6s problem is the numeric addresses r so comp

The type of data to remember has a large effect on how well we can remember it. Take for example:

ABC
WTF
BBQ
NFL

Is much easier to remember than

RNW
YOP
QHK
VTI

Our short term memories also have capacities. The fact that phone numbers are only 7-10 digits makes them fairly easy to remember. By the same token an IPv4 address that is 4 3-digit numbers is also not too hard to remember.

The difficulty with IPv6 will be that the length of the addresses are larger than what is easily manageable in short term memory and they are also a mix of numbers and 6 letters. Our brains aren't too attuned to memorizing mixes of letters and numbers unless they can be separated into logical pieces.

Re: Virtually Infinite

IPv6 uses 128-bit addresses instead of the 32-bit ones we're used to with IPv4. Check out 2^128 on a calculator sometime; it's a pretty big number. "Virtually infinite" means "so damn many that we could assign a seperate IP address to every man, woman, child, dog, and atom on the planet and be nowhere near running out".

Don't forget LAN parties

[complete+loony]

Most people don't use DHCP at home (myself included), so when they drag their computers to LAN parties they have to reconfigure everything.
BTW does IPv6 have any simple mechanism to configure browser proxies and other location specific protocols? (since this is yet another annoyance raised by moving your computer between networks)

Re:This another area the US could get left behind.

Whassamatta? Your little eurodick gotchya down today?

USA! USA! USA!
WooHoo!!

Re:This another area the US could get left behind.

[JanneM]

Two of the most best covered countries in Europe for mobile phones - Sweden and Finland - are arguably as sparsely populated as the US.

Besides, I doubt your parent poster was referring to cell coverage in the Alaskan wilderness. Seems the US market has made a pretty good mess of the thing in dense urban areas as well.

Re:This another area the US could get left behind.

[StrawberryFrog]

Noone cares, penetration isn't higher because the market sin't there

The market isn't there becuase your phones are crap - it is an effect, not a cause of the lag. I've heard of several people here in London who have decided not to bother with a landline at all.

TAHI ipv6 Interop Test Event...

[ArghBlarg]

I'm at it right now, as I type, in Chiba Japan (outside of Tokyo). Everyone here is furiously testing IPv6 and IPsec interoperability. IPv6 seems to be getting quite mature as a technology (I don't profess to know a lot about it; I can configure interfaces and routes, that's it). IPsec, however (the IKE protocol in particular) is still experiencing real growing pains.

Anyway, back to slaving away in a hot room with people who speak a language I don't understand :-).

Re:This is one area the US could get left behind..

[thogard]

Better and smarter routing? I don't see how. All I see is the routers need to hold far more info than they already do which will slow them down. Most routers need to know very little about where packets next hop is and you could treat the world as 16 million /24 and make the decisions of which next hop at L2 cache speeds if you used 8mb of content addresable memory (like used for L2 cache). I don't see how buding a system where you can't do that kind of lookup is going to be faster.

Re:This another area the US could get left behind.

[thogard]

According to the CIA, Finland is about the size of Montana and has 5.5 times the population. I'm guessing that means it would have 5.5 times the population density as well. US cities are the least population dense cities in the world. Even Australia and New Zealand's cities are more dense than most cities in the US. And with GSM's 25km limit, it would be too ineffective to try to cover the mid-west states let alone the north western states. In thouse areas 3 Watt AMPS (analog) phones work much better than anything else thats out there.

Re:IP6s problem is the numeric addresses r so comp

[LarryRiedel]

The same charges were leveled at IPv4 back when it came out -- it was considerably longer than was considered necessary (32-bits? That's way too much space!)

Where can I find out more about this? The earliest I know of Internet Protocol per se is IEN 123 (ca 1979), which has 32-bit addresses. Is there a document online showing the arguments which took place against addresses that long?

Larry

Re:This another area the US could get left behind.

[JanneM]

And again, nodoby would argue that the US mobile system isn't pretty messed up in urban areas as well. When people talk about USA lagging behind in mobile phone technology and deployment, it is not rural coverage they are talking about.

As for the coverage, both Finland and Sweden have areas with high population density, as well as very large areas with very low population density - a situation not unlike the US but on a smaller scale. Yet they manage to cover pretty much all populated areas.

Re:This another area the US could get left behind.

[AuMatar]

No, its because people just don't want them. They see no use for them. If people wanted a cel phone they'd get one. We don't. The people who don't have one by now pretty mucch have no uuse for them.

I'd like to play with IPV6 on my home lan, too

[dpilot]

At the moment, I've got a garden variety Netgear firewall/router, obviously IPV4, and the rest of my LAN is behind that. Nor do I have any open ports, though I plan to.

By the time I open ports, I plan to have a dual-homed secondary firewall/server on Linux behind the Netgear, with my home lan on the far side. I'm starting to play with Gentoo, and find that it brings up interfaces in both IPV4 and IPV6, which may well be what I want, because I've got some Windows boxen on my lan too, and need the back compatability.

I'd think in terms of running IPV4 and IPV6 internally, use the firewall/server to bridge to IPV4 to my ISP, and occasionally get on the 6bone, or something like that. The main reason for the Netgear is so I don't have to be as paranoid about updates as if I were directly connected. Connecting to the 6bone puts me right back there, so I only want to do it when I know I'm ready.

Truthfully, IPV4 does just fine for me, even with NAT, especially considering my ISP's AUP. It would be fun to get some IPV6 learning, though.

Code

[rs79]

Do you really care how much you dislike or like the author of some code?

Edison was an insufferable jerk. Do you use light bulbs?

Often time you may also find people respond in kind. I've never pissed off Jim Fleming or Dan Bernstein and they've been remarkably civil to me for over a decade. Shrug.

Re:Code

[Zeinfeld]

Do you really care how much you dislike or like the author of some code?

Not at all, I don't use his code. It is his contributions to the protocol debates that are at issue. Do it my way or I'm taking my ball home is not a very persuasive attitude.

"Dan is the author of one of the two IPv8 proposal

[rs79]

URL ?

Moving to IPv6

[SiegeX]

And the number one reason to move to IPv6 is so we can stop having so many stories about it here! Please, for the love of all that is good, we must adopt IPv6 before slashdot is buried beneath a tsunami of IPv6 stories.

I couldn't agree with you more and so Ill share with you something I posted to my LUG no more than 3 days ago.

Basically, Ive been toying around with IPv6 for the past couple of months and I decided to make myself a nice little init script and share it with you guys. I made this init script for Mandrake but AFAIK it should be compatible with any Redhat-like distro. There is alot of information on IPv6 and alot of the good info is scattered all over. There are quite a few ways to set up an IPv6 tunnel but though much searching and testing I found this way to be the easiest. If you want to try out IPv6 just follow these easy steps.

1. You must compile IPv6 Support into your kernel
2. You must register with an IPv6 Tunnel Broker. Fortunatly enough there are quite a few free ones, and I list two below:
3. 
   
   
   • Hurricane Electric: http://tunnelbroker.net (Based In California)
   • Bt Exact: https://tb.ipv6.bt.com (Based in the UK)
   Due to the predominate IPv4 nature of the Internet, you must tunnel your IPv6 packets encapsulated into IPv4 packets and send them off to your tunnel broker who will then route them nativly within the sixbone. Therefore you want your tunnel broker as close as possible, so choose accordingly. Unfortunatly HE recently banned IRC traffic due to abuse, so If you want to join an IPv6 enabled IRC server you are forced to use Bt Exact which is what im currently using.
   
   
4. Once you register with the Tunnel Broker they will issue you a /64 subnet. That's right a /64 subnet which allows you to have up to 2^64 (18.4 million-billion) IP's!!
   One of the other cool features of IPv6 is that you are currently allowed to host your own reverse DNS for your IPv6 addresses. Thus if you want to spoof your IP on IRC without having to resort to running your own hosting company or doing illegal activities this is how you would do it. My hostname on IRC currently resolves to 0.0.0.0
5. Download my init script at www.identityflux.com/ipv6 (Slashdot effect here I come!)
6. Once you get all the information from the Tunnel broker, simply edit my init script and start'er up. Here are the 5 variables you must edit:
   
   
   • LOCAL4: This is simply just your IPv4 address
   • LOCAL6: This is the IPv6 /64 subnet address that I was talking about earlier
   • REMOTE6:. This is the IPv6 address of the server on the other end of the tunnel
   • NUM_ALIAS: This is how many aliases you want to bind to your new IPv6 interface. You can assign a differnt host name to each one, www/ns/mail etc etc.
   
   All but LOCAL4 will be given to you by the tunnel broker.

My init script creates the conf file for radvd which is basically the IPv6 Router Advertisment Daemon. This is not necessary to have for the tunnel to work, but its a nice feature. Just make sure you start up radvd after you start up my ipv6 script. To test that your IPv6 tunnel is working, just ping6 any IPv6 enabled server. For example:

[root@maximus][~]# ping6 www.kame.net
PING www.kame.net(orange.kame.net) 56 data bytes
64 bytes from orange.kame.net: icmp_seq=1 ttl=55 time=31 ms
64 bytes from orange.kame.net: icmp_seq=2 ttl=55 time=14 ms
64 bytes from orange.kame.net: icmp_seq=3 ttl=55 time=15 ms
64 bytes from orange.kame.net: icmp_seq=4 ttl=55 time=51 ms

Re:This is one area the US could get left behind..

[jroysdon]

multicast!=broadcast

Pim dense is what you're thinking of, which no one uses except on a flat lan, so it wouldn't get past their local router.

With pim sparse, you have to specify rendezvous server which then connects you to the server sending the data.

Multicast is more like an opt-in email subscription list and not like a usenet feed.

Re:IP6s problem is the numeric addresses r so comp

[Viol8]

I'm actually using an ISDN modem. There is no ethernet or any kind of NIC card in the PC.

Re:This another area the US could get left behind.

[mixmasta]

Why are they crap? They are all made by the same multinationals... ..and even if they are not as good I suspect the lack of a 5 megapixel camera in our phones is not what is holding us back.

I'm with the other guy. Our phones are plenty affordable and feature-full, but I just don't want one. I don't want people calling when I'm takin a piss just so I can look important.

Re:You're kidding, right?

[mixmasta]

I don't think they are 8.3 style limited, I'd say more like 32 chars limited like the original Mac OS.

IPSEC

[SgtChaireBourne]

Um, is this just an oversight, or is the poster so US-centered he doesn't realize that one of the major reasons why IPv6 is interesting to us in that weird "foreign" part of the world is that is expands the address space?

Both.

The target audience for that statement is the U.S., where many authors seems to miss any points beyond additional addresses. However, the misunderstanding is not limited to the U.S. and may even be intentional. Common arguments run something like, "my [puny|midsized] country has enough IPv4 addresses, therefore IPv6 is irrelevent to the world."

As stated earlier, scalability is probably the least important issue for most (i.e. non-Asia) countries when compared to IPSEC and routing.

Re:This another area the US could get left behind.

[10Ghz]

According to the CIA, Finland is about the size of Montana and has 5.5 times the population. I'm guessing that means it would have 5.5 times the population density as well

Population-density in Finland 17 people/square km
Population-density in USA: 29 people/square km

Comparing Finland to Montana is pointless. I assume Montana is one of the leat populated regions in USA, so why compare Finland to Montana? If you are going to do comparison like that, why not compare Montana to Finland's Lapland for example?

Re:IP6s problem is the numeric addresses r so comp

My mobile phone has no MAC address that I know of.

Re:This another area the US could get left behind.

[gorilla]

Comparing any entire country isn't really very useful. Every country has cities and rurual areas. If you've got a country like Canada, then is most of the population within relativly small physical areas, and the rest of the county is almost unpopulated. A country like France has small unpopulated areas, and the rest of the country with quite evenly spread population.

Re:This another area the US could get left behind.

[thogard]

Ok, compare Lapland to Montana. They both have about the same population density and Montana is just one of several of the states with very low population and its population is very spread out. Montana had decent mobile phone coverage over a decade ago but it did require a big bag phone but it worked because you can crank up the power of an AMPS system and it extends the range. If the choice was GSM or nothing, there still wouldn't be coverage there. You just can't afford to cover that much area where there aren't too many customers. From what I've read, Lapland doesn't have very good coverage even now. GSM has its place but its not a univerally better solution.

Re:This another area the US could get left behind.

[10Ghz]

From what I've read, Lapland doesn't have very good coverage even now.

It's impossible to cover 100%, but Lapland has a very good coverage.

Re:This is one area the US could get left behind..

> This is one area the US could get left behind...

who cares - there are other countries in the world, get over it.

Re:This is one area the US could get left behind..

[ClioCJS]

Okay maybe I do not know what that is.

But when I worked at the MCI Internet Engineering Dept, someone explained what HE called multicast. This was a network capacity planner, and the MCI (now Cable & Wireless) backbone at that time was the largest (I believe) in the country. I got the joy of staying late to provide the Dept Of Justice with traffic statistics when MCI was being audited prior to their merger with WorldCom. They placated the antitrust issues by selling my department to Cable & Wireless. I quit and came back to my same job a year later and quit again.

Oh sorry, Tangent mode was on.

Anyway, he said there was a way to send packet X to multiple receipients without having to send multiple packets. Basically the packets would create a "tunnel" (his word), and the tunnel would split and fork into 2 separate paths only when network topography made this manual. So the outgoing bandwidth cost of streaming a video to 500 users simultaneously would be identical to streaming a video to 1 user simultaneously. And bandwidth in general would be preserved. (This could be useful for webservers too, as they could avoid the slashdot effect.)

I may be imagining all this. You tell me.