Slashdot Mirror
The State of IPv6
Gnea writes submits this article "about the current state of IPv6, the Next Generation of Internet Protocol version 6, mostly according to Cisco. It's also an interesting roadmap about where and how IPv6 will proliferate around the world.. Apparently China has a grasp already with Korea and Japan, who leads the "Five key Chinese carriers, including China Telecom, China Unicom, China Netcom/CSTNET, China Mobile, China RailCom and CERNET (China Education and Research Network), are slated to join CNGI, building their own national IPv6 backbone independently, while interconnecting with at least two IPv6 IX." while Verio appears to have already tuned into some turnkey solutions recently that are publicly available."
And SgtChaireBourne writes "ZDNet is reporting that the EU and South Korea will collaborate to develop IPv6 applications and services. The agreement was finalized at the
Global IPv6 Service Launch Event in Belgium last week. There are good reasons to move to IPv6, including security, multicasting, simplified header structures, and better routing to name a few."
...if we don't quickly develop a plan to start working with IPv6. Most Pacific rim countries have already started, and for them, it is a matter of necessity. Since the US was responsible for a lot of the early internet (DARPA), we have the vast majority of the IPv4 addresses. Other countries (such as China) see IPv6 as a way to "equal the playing field" in addition to solving their "how do I get enough IPs for 1.2 billion people" problem.
libertarianswag.com
another short article from GCN on the subject.
Will I be able to patch my ZX81 to understand the new protocol? Or will I have to upgrade?
If China, South Korea, Japan move ahead of the US, with regard to broadband, the internet, and amount of homes hooked up to broadband, etc.?
If so how will this change our direction, or would it?
Not something I saw mentioned in the article links, but it's worth bearing in mind that the support of IPv6 is mandated in the protocol stack definitions of the 3GPP standards. This means, to cut a long story short, that all 3G telecoms kit (handsets, basestations and switchgear) will support IPv6 out of the box. At least in Europe and Japan.
:)
So, when it finally stops being vapourware, and assuming that people actually buy into this technology, I'd say that was a fairly good driver for other industries to adopt it too. Not looking forward to the transition though.
These sigs are more interesting tha
It's about time we move on from the archaic state of the internet we're at right now. Besides the content, nothing's really changed in 10 years, and it needs to. With the current prolonged influx of security problems caused by an infrastructure that was never meant to handle the things we do to it, I'd say it's about time someone big pushes IPv6.
Notice how North American-based networking gear manufacturers (Cisco, Nortel, et al) are all offering IPv6-ready devices? Ironically, it will be North Americans that will be late to the party.
The telecoms sat on their thumbs during the dot-com-boom on IPv6, they won't be too eager to spend the money now that cash is tight.
Trolling is a art,
Vast majorities don't get left behind.
How did they manage to put six carriers in five? Perhaps if you use NAT you can fit six integers in five... Or is it CCT (Chinese Carrier Translation)? "Five key Chinese carriers, including..." 1. China Telecom 2. China Unicom 3. China Netcom/CSTNET 4. China Mobile 5. China RailCom 6. CERNET (China Education and Research Network) "Including" even implies there are more... OK, sorry. I'm tired.
I'm sorry if I haven't offended anyone
OK, we don't have anough addresses. Ok, lets firewall and subnet. Outcome? I can't connect directly to my friends's computer, and I can't run games (or any other) servers. Decentralised P2P suffers similarly. Rock on IPv6! I have my own IP address, unlike about 1/2 the people at my university and all my friends at other universities, and it's damn useful. Rock on IPv6!
I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
> somewhat hopeful research* suggesting that the average home contains 250 devices (toasters, electric toothbrushes, vibrators?)
err... ummm... vibrators? I guess that's just further proof that porn really does run the internet!
Now's as good a time to start drawing up the drafts as any.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
I'ts well known that *BSD has the best IPv6 support. Thus we can conclude that IPv6 is dying, if not dead. Once Al Gore and Tom Harkin endorse it, we'll know for sure.
With ip4 its failry easy to set up a box yourself with dns, hosts file etc because of the simplicity of the numeric addresses. However good :: as a shortcut for a block of zeros and leaving it at that.
ip6 might be in other respects , in this respect however its a nightmare. A 128 bit number converted to hexadecimal is NOT a pretty site and leaves a huge scope for typos and other cock-ups.
Ok , this isn't a reason not to use it but it should have been something the designers could have addressed other than just having
This is good news. It lets me just blacklist everything purporting to come from an IPv6 address, instead of having to figure out which netblocks are registered in China.
Cole's Law: Thinly sliced cabbage
Keith Moore, an author/co-author of a number of RFCs on IPv6 and other topics, posted the following to the IETF mailing list, regarding what IPv6 will enable and can be used for.
The comment was in response to somebody's claim that residential users would be happy with NAT, and non-globally routable IP addresses for their "internal" networks.
Re: dubious assumptions about IPv6 (was death of the Internet)That's like saying residential telephone users don't need to have a phone number at which they can be reached. (after all, the purpose of their residential phones is to call businesses for the purpose of obtaining services, right?)
There are lots of apps that would be valuable to residential users if residential users had reachable IP addresses. check the status of your alarm system, or your roast in the oven, or your freezer's inventory. Grab a picture from your baby-cam while you're out for dinner and have left the kid with the baby sitter. Reset the thermostat if you're going to be out of town longer than you thought. Do all of these from your portable phone/PDA which is running guess what? -- IPv6.
Also, don't assume that IPv6 addresses will be used by people or their personal computers. IPv6 enables lots and lots of individually addressable devices which don't have to be associated with individuals. Every km of highway can have an addressable traffic sensor so that police and emergency crews know exactly when and where a traffic accident happened. Every streetlight can be monitored to see if it is functioning properly or if it needs service. Every traffic signal can be made individually controllable so that they can dynamically adapt to changes in traffic patterns. For reasons like this, the demand for IPv6 addresses won't be determined by some linear multiple of the number of humans on the planet.
Finally, don't assume that IPv6 devices will require the support burdens we associate with PCs. PCs as we currently know them are dinosaurs. Appliances that talk to the network aren't going to need the same kind of technical hand-holding that PCs do (because they'd never succeed if they did), and neither will the devices that replace what we now think of as personal computers.
IPv6 will eventually replace IPv4, but it's misleading to think of IPv6 as just a replacement for IPv4. By the time IPv6 replaces IPv4, we won't recognize the IPv6 network as something that resembles what the IPv4 network is used for today. Even though the underlying technology is very similar, IPv6 is really a new kind of network, one that enables things that were really never possible with IPv4 on a large scale.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
If you look at the OSes used to access Google (which is a good indicator of total OSes used), Win98 is listed at the top with 27%. And with Microsoft extending support, it creates a speedbump.
Free XBox, PS2
If you read the various followups to that posting you linked to, you'll see that there are two separate IPv8s. One was a proposal that competed with IPv6 and lost. It's dead. The other is a joke.
So the deal is that there is not, in fact, a serious IPv8 effort underway.
IPv6 may have a better and safer design, but have you ever considered the software that's going to use it? I see networkrelated security issues popping up "all the time" with IPv4 software. Now, what will happen when we do move over to IPv6, which is in fact a more complex protocol? I have a feeling we will be seeing quite a few security reports on not only the various stack implementations, but also on userspace programs.
IPv6 is a solution looking for a problem. The IP address exhaustion scare of 4 or 5 years ago is a moot point these days after the dot com bombs, the explosion of usage of NAT, etc. People are beginning to realize there's NO point in having every device use an Internet accessible IP address. Our entire campus of 5,000 machines is behind 2 IP addresses.
I guess I'm not quite sure I "get it", but why is NAT necessarily a "bad thing"? Because it's not "how it's supposed to be"? Because it's klugey? Bad design? Insecure?
... it basically needs to happen sooner or later. But what's wrong with IPv6 plus keeping NAT around? Or is it just the excitement of "We don't have to anymore!"?
I guess my thinking is, if I've got a house full of electronic devices (let's say a dozen computers, an IP-enabled toaster, fridge, television, etc.) I don't really need or want world-visible IP addresses on all of them. I'd like them to be just 10.* or whatever IP addresses, and if any communication ever needs to go on between them and the Internet they should necessarily go through some central house-server/router/firewall. I should have the option of having, say, three of the computers have world-visible IP addresses, but the rest having local 10.* addresses. But why make my toaster be visible to the Internet when, really, there's no need for him to be?
Or am I missing something terribly here?
Not to say that IPv6 isn't a good thing
Dlugar
Computer Go: Writing Software to Play the Ancient Game of Go
Um, is this just an oversight, or is the poster so US-centered (s)he doesn't realize that one of the major reasons why IPv6 is interesting to us in that weird "foreign" part of the world is that is expands the address space?
I don't recall how large the US allocation of IPv4 addresses is, but I'm pretty sure it's at least 25% of the space, and that's being conservative. Since the US doesn't even have 1/16th of the population, that's obviously b0rken, and IPv6 is a more or less natural fix.
Now, I'm Swedish, and I'm sure we have enough IP addresses for our puny country, but the nations of Asia probably can't say the same. Thus, more interest in switching over sooner, and less in the US where there's no (or less) pressure from simply running out of addresses.
main(O){10<putchar(4^--O?77-(15&5128 >>4*O):10)&&main(2+O);}
The same charges were leveled at IPv4 back when it came out -- it was considerably longer than was considered necessary (32-bits? That's way too much space!), it's a far bigger number than is convienently held in short-term memory, and yet, according to you, it's simple.
Funny how people adapt.
Between that and the mystic thing called "cut and paste" that's available on pretty much every platform known to man nowadays, this is a real non-issue.
Besides from the added bonus of making the networks failover. (c;
'I am become Shiva, destroyer of worlds'
You are joking, right? IPv4 is getting about as useful as the 8.3 filenames, and NAT has its place, but it's not likely to allow for any real growth. Just imagine the bottlenecks when one branch of a NAT gets totally slashdotted!
Do you by any chance own a lot of stock in a company that claims it owns the internet?
Well, by your post, you probably haven't grokked the true beauty of IPV6. There are a lot of mechanisms in place to address your issues. Host configuration will be done by querying an upstream router. The only people that really have to key in the huge hex addy are the root guys, maybe. Then they'll probably automate it or at least use cut-n-paste. But seriously, IPV6 is quite beautiful, and really has a lot of thought put into the headers and routing to make everything work seamlessly without massive amounts of configuration.
But, before we rush headlong into support of radical IPv6 transformation, we must consider some of the disadvantages. First, there are the costs of migration. Interoperability with IPv4 is an absolute must, lest we make the same mistake that ISO did when it proposed CLNP/CONP in the same breath. Fortunately for us, hardware developers have already seized the opportunity to build IPv6 into routers, and software developers have already integrated IPv6 into the core of popular operating systems such as Linux, Windows, *BSD, etc. But aren't there are some applications that will break if we migrate right away?
Anyway, perhaps that's not a big deal. I'd say the more serious issue is that fast route lookup is made considerably more difficult with the longer prefixes of IPv6. It is fundamentally harder to build switching technology into routers that can handle the longer prefixes and still preserve existing performance guarantees. So unless we don't mind slowing down the internet a bit, we may want to hang on to IPv4 a little longer. Perhaps there is something that ISPs can do such that they can switch IPv6 on shorter prefixes, but I have not yet seen any proposals...
...but it's limiting.
say you've 2 webservers behind NAT. you can't run them both on port 80 as the port forwarding has to go to one IP address or the other.
or if you have 2 apps that use an overlapping port range - big problems.
it just doesn't *scale* but for home use, sure, NAT does the job.
Clear as mud? OK, here's an example. Say you've been assigned the 2001:1:2:3::/64 netblock. Your router will send that information out on all of its LAN interfaces. Suppose your workstation's NIC's MAC address is "05:04:03:02:01:00". When it hears the advertisement, it will assign itself an IPv6 address of "2001:1:2:3::504:302:100" [1] and a netmask of /64. Voila! It's configured and has a world-routable address.
[1] Actually, the format for the last 64 bits is slightly different - I don't recall the exact transformation function - but that's the gist of it. If you look at a host's autoconfigured address and it's MAC, you can see the correlation.
Dewey, what part of this looks like authorities should be involved?
Not really. The vendors building the equipt for IPV6 are also building in translators to the IPV4 space. I'm talking Lucent, Cisco/Linksys, etc. They're doing the work, us little guys will reap the benefits, assuming the equipment even gets installed.
If you're really industrious, you could try it out with a bunch of Linux boxen on a network. Make your own IPV6 net at home! Be the first on your block and the envy of all your friends!
The "Third World" of over 4 billion persons being the best example of your thesis?
Oh for heaven's sake, that's a pretty lame excuse.
I didn't find it particularly difficult to set my entire server network running with IPv6. DNS wasn't hard to set up (both forward and PTR). Routing was no more difficult than IPv4. My website is available over IPv6 and even the forum is IPv6 aware (including having an IPv6 whois).
Once it's set up in DNS, you seldom have to touch it again - that's what DNS is there for.
Oolite: Elite-like game. For Mac, Linux and Windows
I've got two houses (different countries), each with a generic router/NAT box, cable modem service, and a coupla Mandrake, coupla WinXP, a MacOS 9, and a MacOS X box. Oh, and i the US a TiVo with Home Media Option. Also the sweetheart needs to boot into Win2K sometimes for work.
I'm willing to swap out the router/NAT boxes if someone can point to ones that supports IPv6. I've already installed IPv6 on the XP boxes, I'm told it's straightforward on MacOS X, I assume it's no biggie for Mandrake. MacOS 9 - I recall Apple making some noise about IPv6 for it years ago but it's not a deal-breaker for me.
The needs are the usual (web browsing/email/listening to streaming audio, etc.) plus I need some way of connecting the two houses so they appear on the same private network.
Any suggestions? Boxes to buy? I strongly prefer to use a consumer router/NAT box over a PC for my gateway but don't see any of them mentioning IPv6 support, anyone got a firmware retrofit? How about getting IPv6 IP#s assigned while inside my ISP's (cable company) IPv4 space, without a fixed IP there? Is there an IPv6-friendly dynamic DNS service out there?
Lotsa questions I know, but I bet lotsa folks would be willing to start getting experience at home if there were some "How-To-IPv6-for-the-Home" pages out there (I've looked, haven't found anything appropriate yet.)
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
I'm sorry, but that's unadulterated bullshit. There is absolutely nothing stopping you from assigning adjacent addresses, or using the phone number of the cube-owner, or any other addressing scheme you want for your IPv6 addressing scheme.
For simplicity, on my server network, I simply assigned 2001:470:1f01:109::1 for the first machine, 2001:470:1f01:109::2 for the second, all the way onto the sixth, which (predictably) is 2001:470:1f01:109::6. I could have quite easily used the MAC address instead if I wanted to. Or used 2001:470:1f01:109::dead:beef and 2001:470:1f01:109::baad:f00d if I really wanted. Or set part of the last 64 bits to be telephone numbers. Or...and the list goes on.
IPv6 doe NOT put any constraints on the way you assign addresses in a subnet.
How you manage your network is up to you. If you chose lame IPv6 allocations, that's your fault, not the protocol's fault.
Oolite: Elite-like game. For Mac, Linux and Windows
ok
all I really want is IPsec
(and maybe MobileIP)
imagine that all your IP conections are secure !
screw that crap 802.11 security just let the router only allow IPsec connections and if you want to lock it down ask for the machines keys and only allow these
why is this so hard ?
IPsec is in all modern linux *BSD *ix MacOS and Win2k WinXP (win98 with download util)
really I have not seen a laptop with a OS that could not use IPsec
IPsec is manditory part of IPv6
why do these people miss the point ?
regards
John Jones
It's vital to Americans that the United States maintain it's lead as a technological innovator, because from a global economic perspective, what do we have left?
We don't really build anything here anymore. We have gotten out of the business or agriculture (We could, even now, provide enough food to end world hunger, but we don't.). Metaphorically, we are becoming a nation of gurus and burger flippers. We have people that can afford expensive cars, and people that wash them.
Our niche lies in development. If we are no longer the leader in that space, then the United States will be doomed to global mediocrity.
Domestically, we already have a kind of class warfare between the "Haves" and the "Have nots" (I don't particularly subscribe to that... It's closer to "Haves" and "Have laters." Even poor Americans have televisions and refridgerators.). Having enjoyed a prosperous history, America as a nation could not stomache becoming a nation of "Have nots."
IPv6 is coming... In some places, it's already arrived. In others, it'll be there Real Soon Now. It needs to find it's way here, and the sooner the better, for three reasons:
Making the switch today would be traumatic, because there are a lot of devices that need to be upgraded, modified, or otherwise reconfigured.
Further delay will only mean that there are even more devices that will need to be changed in the future. The Internet continues to grow explosively.
A conversion to IPv6 now would result in far less duplication of effort later.
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
This is why I can't take the IPV6 folks seriously. Demand for addresses comes from the leaves, not the root. So what if every backbone provider has native IPv6 routing throughout they're backbones? They're not the ones who use addresses by the ton!
I've got an IPv6 tunnel and addresses from a TLA, but I can't get native IPv6 access because neither the cable modem that I use nor the equipment it talks to upstream knows anything about IPv6. In fact, there is little, if any, end user WAN equipment that speaks IPv6 natively. Availability of that kind of equipment is necessary before a "global service launch" has any kind of meaning.
If we had been on IPv6, it would have taken the Code Red worm years, decades, or maybe even centuries to find the first vulnerable Microsoft IIS web server to infect.
Switching to IPv6 would just about halt any scanning of large blocks of IP addresses for vulnerable computers.
what you're really saying is that Sun's IPv6 implementation and tools are sadly lacking from a usability point of view. Shame on Sun.
:)
I've no doubt, Sun thought that a 'GUID' per address was a good idea, and that no-one would ever want anything different... but you describe exactly why you *would* want somethign else.
Maybe its just that the tools for managing the addresses/network are poor.
(lol. maybe you should upgrade to Microsoft
No, the IPv6 loopback address is simply ::1
This echos the early days of the Internet, where IPv4 was layered on top of DECnet, SNA, X.25 and other protocols.
I wouldn't expect to see IPv6 in a firmware update. You will probably have to buy a new box to get IPv6 support.
The interesting thing will be the reaction of the mass-market ISPs, especially cable operators, who tend to view their residential customers as peons down on the farm.
Mea navis aericumbens anguillis abundat
If you have an opinion on IPv6, why not let NIST know, in addition to posting on Slashdot?
Go to http://www.access.gpo.gov/su_docs/aces/fr-cont.ht
The last 64 bits of an IPv6 address is usually a format called EUI-64. Actually slightly modified EUI-64 in that IPv6 complements the Universal/Local bit. You take your 48-bit MAC address (EUI-48) and split it in half. Insert 'FFFE' between the two halves. Then complement the next to the least significant bit in the first octet. So, to use your example, if your MAC address was 05-04-03-02-01-00 (which it could not be since this is a multicast MAC address), and your link prefix was 2001:1:2:3::/64, your autoconfigured address would be 2001:1:2:3:704:3FF:FE02:100.
Ok, my os (MacOS 10.3.2), a lot of my software, and my personal philosophy all support IPv6. Where are the publicly accessable routers? Where do I write to get an IP block assigned to me? I'm not going to hold my breath waiting for my cable company or workplace to start passing out longer IPs, the majority of the users probably have trouble with it as it is. But there has GOT to be some free service provider (ala DynDNS) passing out v6 addresses or at least agreeing to route to me if I give them my hardware assigned one and a v4 routing path.. I don't know all the details of the protocol but I doubt they would have missed the opportunity to turn all those NAT-like addresses into real, routable ones. Help!!
I disagree. New technology brings new exploits and/or means to exploit. It's a myth to think exploits are going to hit a ceiling. As a given hacker's understanding of a given protocol or technology increases so will the chance of him cracking it somehow. While Code Red in its current incarnation may have been stimied, it is far more likely that a new "Code Red" would be implemented. In the short term, obscurity would be on your side but the more pervasive a technology the more likely it will be targetted.
guess I need to check /. more often...
I assume you meant to say "The US is less densely populated than Europe and Asia".
Otherwise, I'd beg to differ.
Tuus crepidae innexilis sunt.
There are good reasons to move to IPv6, including security, multicasting, simplified header structures, and better routing to name a few.
And the number one reason to move to IPv6 is so we can stop having so many stories about it here! Please, for the love of all that is good, we must adopt IPv6 before slashdot is buried beneath a tsunami of IPv6 stories.
With multicasting, I bet a worm could spread through an IPv6 network much faster than an IPv4 network.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
actually, you can tunnel back and forth (there's ipv6tov4 and ipv4 to ipv6)
www.freenet6.net
Here's where your logic breaks down: The only addresses that are going to be really complex are the ones that are auto-generated, which you won't need to type. Suppose you have a prefix of, say, 2001:f4c:2a5::/48. 2001 is a pretty easy number to remember, and f4c:2a5 is the same number of bits as an IPv4 address. Just tack on other easy to remember numbers and you're set:
2001:f4c:2a5::1 for the gateway,
2001:f4c:2a5:1::/64 for the first subnet,
etc.
It's really not hard.
Do you really care how much you dislike or like the author of some code?
Edison was an insufferable jerk. Do you use light bulbs?
Often time you may also find people respond in kind. I've never pissed off Jim Fleming or Dan Bernstein and they've been remarkably civil to me for over a decade. Shrug.
Need Mercedes parts ?
I couldn't agree with you more and so Ill share with you something I posted to my LUG no more than 3 days ago.
Basically, Ive been toying around with IPv6 for the past couple of months and I decided to make myself a nice little init script and share it with you guys. I made this init script for Mandrake but AFAIK it should be compatible with any Redhat-like distro. There is alot of information on IPv6 and alot of the good info is scattered all over. There are quite a few ways to set up an IPv6 tunnel but though much searching and testing I found this way to be the easiest. If you want to try out IPv6 just follow these easy steps.
- You must compile IPv6 Support into your kernel
- You must register with an IPv6 Tunnel Broker. Fortunatly enough there
are quite a few free ones, and I list two below:
- Once you register with the Tunnel Broker they will issue you a
/64
subnet. That's right a /64 subnet which allows you to have up to 2^64 (18.4
million-billion) IP's!! - Download my init script at www.identityflux.com/ipv6 (Slashdot effect here I come!)
- Once you get all the information from the Tunnel broker, simply edit my
init script and start'er up. Here are the 5 variables you must edit:
- LOCAL4: This is simply just your IPv4 address
- LOCAL6: This is the IPv6
/64 subnet address that I was talking about earlier
- REMOTE6:. This is the IPv6 address of the server on the other end of the
tunnel
- NUM_ALIAS: This is how many aliases you want to bind to your new IPv6
interface. You can assign a differnt host name to each one, www/ns/mail etc
etc.
My init script creates the conf file for radvd which is basically the IPv6 Router Advertisment Daemon. This is not necessary to have for the tunnel to work, but its a nice feature. Just make sure you start up radvd after you start up my ipv6 script. To test that your IPv6 tunnel is working, just ping6 any IPv6 enabled server. For example:- Hurricane Electric: http://tunnelbroker.net (Based In California)
- Bt Exact: https://tb.ipv6.bt.com (Based in the UK)
Due to the predominate IPv4 nature of the Internet, you must tunnel your IPv6 packets encapsulated into IPv4 packets and send them off to your tunnel broker who will then route them nativly within the sixbone. Therefore you want your tunnel broker as close as possible, so choose accordingly. Unfortunatly HE recently banned IRC traffic due to abuse, so If you want to join an IPv6 enabled IRC server you are forced to use Bt Exact which is what im currently using.One of the other cool features of IPv6 is that you are currently allowed to host your own reverse DNS for your IPv6 addresses. Thus if you want to spoof your IP on IRC without having to resort to running your own hosting company or doing illegal activities this is how you would do it. My hostname on IRC currently resolves to 0.0.0.0
All but LOCAL4 will be given to you by the tunnel broker.
Agree with me or DIE!
What header? All but the first and last router don't care about anything but the source and destination address, and most times not about the source address at all. So what else is there to simplify?
You're ignoring header checksums and fragmentation.
Yes, a lot of IPv4 features were simply taken out of IPv6, but that doesn't make IPv6 unnecessary. Taking a feature out of IPv4 would result in something that's not compatible with IPv4, thus you'd have to give it a new name and upgrade all the equipment. So why not increase the address size while we're at it and call the result IPv6?