Slashdot Mirror
IPv6 is Here
shawn(at)fsu writes "Reuters is running a story that Vinton Cerf of the Internet Corp. for Assigned Names and Numbers (ICANN) says that "IPv6 been added to its root server systems" I like how they said that it will run along side IPv4 for 20 years to get rid of the bugs.
A few previous Slashdot stories out of many here, here and here"
short article). There is one descrepcy that I'm sure I won't be the first
to notice it, either:
Now, I could be wrong; but my understanding was that the need for IPv6 comes from the scarcity of IP addresses (eg 12.34.56.78) not the scarcity of domain names (eg slashdot.org, slashdot.net, slashdot.jp).
Yes, I have machines on my network that acquire static IPs through DHCP. It uses the MAC Address to determine when one of those machines requests an IP.
There are two kinds of people: 1) those that need closure
You can have a whole octet to yourself right now. That's a lot of IP addresses and you're ISP doesn't have to support IPv6, it can be encapsulated in IPv4. There are plenty of gateways out there that will translate the request for you so that only your router will need both IPv4 and IPv6.
It's all up on FreeNet.Sure, DHCP can do that. And lots of people use it that way. In fact, pretty much all of those Linksys/Dlink/whatever firewall/gateway/router boxes support it...
I can't get a native IPv6 address (block), and I'm on a university network. Neither can I get a IPv6 address from T-Online at home. To me this means that IPv6 is there, but not here.
Not too many people remember v5. The IP version is a reference to the IP header "version" field, and 5 was reserved for ST2: See RFC 1819 Sesion 1.2, 2nd paragraph.
So what do you call the next IP version? Version 6, of course!
IPv6 uses 128-bit addresses. For those who can't count that high, let's see, thats:
, 45 6
340,282,366,920,938,463,463,374,607,431,768,211
in decimal. Just try to use all those up! Well, as long as you don't let the spammers onboard first.
128 bit addresses allow for 2^128=340,282,366,920,938,463,463,374,607,431,768, 211,456 total theoretically assignable addresses.
;->
THAT is a virtually unlimited number.
Alternatively, the ISP could still dynamically assign IP addresses, but instead of internal addresses (192.168.x.x, 172.16.x.x, etc), externally routable addresses.
This way, no NATing is necessary, but there isn't any administration of IP addresses assignments necessary. The ISP simply has to make sure that he has enough externally routable addresses available for the max number of customers who could ever be simultaneously connected.
/MC
What does the percentage of used IPv6 addresses have to do with the duration of the coexistence of IPv4 and IPv6?
/48 (2^80 addresses) or /64 (2^64 addresses) when there is only one subnet at the customer's site or /128 (1 address) when it is absolutely certain that just one device will be connected. This way of assigning addresses facilitates local auto-configuration and end-to-end connections.
We will run out of IPv4 addresses within that timeframe, even if we don't colonize Mars and China stays mostly offline or uses its funny IPv4 translation.
IPv6 addresses are assigned differently to conserve router capacity and to avoid ugly hacks like NAT. It is recommended that end users are assigned blocks of
An IPv6 address includes the 64 bit MAC address.
China is already testing IPv9, something which promises to consume IPv6.
;)
Link to article - China's New Generation Of IPv9 Network Technology Ready
I don't see a way of making the sending of email spammer-proof without ending the concept of email-sender anonymity. But that is not the same thing as Internet anonymity. Such a scheme need have no effect whatsoever on all the other numerous Internet protocols, including the Web. You have no idea what you're talking about. John Doe is given static ip x.y. Free porn site logs incoming connection from x.y, immediately knows it's John Doe. So yes, forcing each user to uniquely identify their IP does affect web traffic. I can uniquely identify any user who connects to my webserver. Think what companies like Amazon and E-Bay could do with this information.
Overrated Moderation: This posts sucks... because.
6to4 is simpler and more efficient.
This was solved years ago: Privacy Extensions for Stateless Address Autoconfiguration in IPv6.
Huh? That didn't make much sense.
I assume you mean DHCP-Assigned IP addresses, which well, works significantly different in IPv6. Well, for now, I acknowledge that yes, the dynamic addressing scheme by *default* uses the system mac address in a very deterministic fashion to get an IPv6 address. However, IPv6 'privacy extension' does not, and thus your IP to MAC relationship to hosts not on your network becomes as undeterminable in IPv6 as it is in IPv4. Even if the outside world did have your MAC address, they have no way of knowing *where* that MAC address is. It is still a meaningless identifier until they actual get your machine physically, at which point they've already gone well beyond the point of getting into ISP logs, or have access to the current DHCP leases and physical network segment, which isn't too much more trouble than ISP logs. Hell, you can even set your own MAC address dynamically if you want your tin foil hat to be more fully engaged.
Proxying will persist, it is more about performance and conservation of bandwidth than, say, NAT, which almost certainly goes by the wayside in IPv6 by and large. However, few ISPs have resorted to NATing customers wholesale anyway, so that isn't the case today. I have not seen an implementation, but NAT could certainly be used in IPv6 if you *really* wanted, but it still traces to the nearest routable address, which, as in IPv4 networks, is typically still you.
Ultimately, relying on the 'anonymity' of dynamic IP addresses is really ridiculous if you are really doing something requiring anonymity. IPv6 is in no way the "end of the 'net as we know it".
XML is like violence. If it doesn't solve the problem, use more.
I believe IPTables fully support IPv6.
Dewey, what part of this looks like authorities should be involved?
IPv6 works in a very different way from IPv4, there is no need for private use networks. Each device on a network gets not one, but a few addresses, you have your loopback (::1), but you also have your link local (FE80::/32 an address that's unique in your network but doesn't get routed outside of it) and you can use this for many of the same things you use private addresses in IPv4. Oh, yeah, you also get a multicast address (FF02:/32 that other nodes and the router can use to find your MAC address). That's on top of a bunch of other addresses you may be listening to depending on what you are on the network (dhcp, router, etc)
ipfw and ipf on FreeBSD systems both have excellent IPv6 support. OpenBSD's pf, which is a Theo-ized BSD-licensed version of ipf, should also be solid choice.
Dewey, what part of this looks like authorities should be involved?
This took 2 seconds.
nslookup
>set q=any
>f.root-servers.org
f.root-servers.org nameserver = ns-int.isc.org.
f.root-servers.org nameserver = slave.sth.netnod.se.
f.root-servers.org nameserver = ns-ext.isc.org.
f.root-servers.org nameserver = ns-ext.vix.com.
ns-ext.vix.com internet address = 204.152.184.64
ns-ext.vix.com has AAAA address 2001:4f8:0:2::13
We don't bother adding the /30's to DHCP becasue it is easier to let users do it with tech support than it is to pay UNIX admins to make the changes.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
Ya I want this too..
As a side note, you can get to Slashdot (and google, and CNN etc) via sixxs.net with IPv6 by going here:
http://www.slashdot.org.sixxs.org
Now I can't use BitTorrent.
BitTorrent still works (suboptimal) if you're NATed, because your client still connects to other clients (that aren't NATed) and uploads data to them (and thus receives data in return). You just won't get optimal download rates, because nodes that aren't NATed hold several times more concurrent connections. That's because everyone in the network can establish a connection to them, while a NATed node has only the connections it establishes itself (to clients that aren't NATed).
A possible compromise would be for the ISP's to offer IPv6 tunneling hosts.
Not for dgp, but perhaps some of the Dutch users might be interested. XS4ALL offers IPv6 for ADSL connections since october 2002. http://www.xs4all.nl/nieuws/overzicht/IPv6.html (in dutch)
Well, there are global scope IPv6 addresses (like official 'live' IPv6 addresses), site local (internal lan addresses, like 192.168.x.x for IPv4, but its use is deprecated) and link-local (used for IPv6 autoconfiguration). If you want to have a working IPv6 connection to the rest of the world, you will need (a) global scope IPv6 address(es). Thats what the IPv6 providers (native ISPs, tunnel broker) will assign to you.
Most IPv6 tunnel brokers (freenet6, sixxs,
Usually the IPv6 addresses are derived from your (48bit)-MAC address to automatically create a (64bit)-EUI-64 IPv6 address. For this to work you have set up a router advertizing service (e.g. radvd under Linux), which will broadcast - within your lan - the prefix to use, and the PCs in your lan will use this info and automatically create proper IPv6 addresses by themselves.
However if the IPv6 'privacy extensions/temporary addresses' are enabled on a PC (by default enabled on Windows, disabled on Linux), it won't create a EUI-64 IPv6 address (from which you can easily figure out their MAC), but it will use a randomized IPv6 address instead.
You can also avoid using 'radvd' entirely and just setup your PCs to use statically assigned IPv6 addresses (e.g. in the PC's boot scripts), and thus you can make full use of the 80 bit address range.
N.B. there is also a DHCPv6, so you can assign to each MAC address a unique IPv6 address YOU specify, but the DHCPv6 protocol is work-in-progress and I haven't seen a working implementation yet.
I suppose your current network setup is something like this:
In this setup you can either use the NAT box itself as a IPv6 tunnel endpoint/router, which will provide your subnet with IPv6 connectivity.
Another way would be to port-forward the IPv6 tunnel traffic to any of the PCs behind the NAT box, and do the IPv6 routing from there.
Anyway, when the PCs in your lan want to connect to a host on the internet via IPv6, they will connect to the IPv6 router, and the router will forward the packets though the IPv6 tunnel to your IPv6 tunnel broker.
Since the tunnel broker need to know that you are entitled to use their service and where they should forward the IPv6 tunnel traffic, you might also have to 'login' or use a special software to initiate/enable the IPv6 tunnel. How this works exaclty depends on your IPv6 tunnel provider.
Move to Europe.
The AMSix is a major IPv6 peering point, where many of their clients offer IPv6 to customers.
Nerim is a major provider in France. They offer IPv6 natively to all their home users, just enable it on your router/firewall.
The UK has any number of IPv6 capable ISPs (blech, puke), you just have to keep an eye on their internal support groups for help from those who have managed to make it work. Tunnels are always a way around broken providers, but are not an answer to your question.
There are a number of other transit and peering providers all over Europe who provide IPv6, and the ISPs are all starting to follow along. Demand only started when a handful of providers realised their was a large enough market for extra added services, even though very few customers made it an important item. The problem with IPv6 is that there is no WOW! factor, it just works as well as IPv4, transparently, and currently doesn't bring any new features to the internet that users can see.
Completely off topic...
I had a great time at CeBit this year, talking to the chinese ADSL modem makers. After asking if thier boxes supported IPv6, I then told them I needed 20,000 boxes right away for a small scale test, but only with a product with IPv6 enabled right out of the box, no upgrades allowed. Once I started talking about the 20-40 million unit market over the next year, you could see their eyes light up. But if they offered an upgrade within a few weeks (in other words, they'd have their coders pull some all-nighters), I'd walk off to find another with IPv6 already built in. I have a feeling that next year there will be dozens of small ADSL routers with IPv6 capability. Once we can get cheap ADSL routers with IPv6 as a checklist item, ISPs will start offering it.
In the U.S., the term for your situation is TSOL.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Does anyone have a link to this information?
Look at the latest draft of RFC 2462. Nodes are allowed to use a EUI-64 address for the host number, but the recommendation for stateless autoconfiguration is to generate a unique number and test for duplicates with neighbor solicitation. You don't have to use a MAC address with stateless autoconfiguration, and furthermore you don't have to use stateless autoconfiguration if you use a DHCP server on your IPv6 network.
On the other hand, some of the docs I've read say the IPv6 address is based on your MAC.
You haven't read the docs in a long time...
--
jhw