Slashdot Mirror


An Introduction to IPv6

Playboy writes "Here is a great introduction to IPv6 in general, the technological background, the reasons for the move and the effects this will have on networks. Understandable for network novices like me but still includes many details on the technological side of things."

25 of 352 comments

  1. yet another worthless article about IPv6 by garcia · · Score: 4, Insightful

    Introduction to IPv6 #1004040... This has been brought up every six months or so for quite some time and I usually post the same shit about how it's not practical at this time period for much other than reverse DNS on IRC. But this "article" is yet another worthless explanation of the same old shit.

    Take for example the following IPv6 address: 43FB:0000:0000:0000:0000:BB3F:A0A0:0000 This could be shortened to 43FB::BB3F:A0A0:0 instead. Now you might ask: "What's up with the double colon?" If you thought that, good for you. You've seen something many people would not have seen on their first try. The double colon (aka "::") signifies that we have removed a series of hexadecimal blocks from the address. These will always be contiguous zeros. AKA "0000:0000:0000:0000" can be shortened to just "::". Therefore when you see the double colon in an IPv6 address, it can be automatically assumed that they are all zeros.

    Ahh yes, "simplifying IPv6 addresses". No, there is nothing simple about remembering those addresses (haven't there been studies that say 7-10 numbers in a row is about all we can remember?) So here we have 10+ numbers and letters that don't make much sense (yeah some people have gotten vanity IPv6 addresses like ABCD::BEEF::). Nothing is simplified there until you get the DNS up and running for it (not that this is hard or anything but it isn't exactly easy)

    It is true that IPv6 is not human friendly; however, in the long run, it will help solve a lot of issues with the current shortage of available IPv4 addresses on the internet.

    Yeah, the "shortages"... Just tell the people hoarding all the damn addresses to hand them over. Sorry but MIT, Apple, etc, as much as I respect their contributions to the human race, do not need a Class A. Allow for the redistribution of the IPs and we should be good to go for quite some time.

    Be thankful people don't have unlimited IPs in their house. Most people that want to have multiple computers connected to the Internet use a NAT router and at least protect themselves SOMEWHAT from the outside threats. Can you imagine what would happen if all the Comcast retards were straight to the Net with their own IP on each computer?

    ISPs make some good money (hell mine gets $5/mo more out of me for an additional IP) selling off static/dynamic IP space. You think Comcast is going to move for a switch when they make $10/mo per extra IP?
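The `::` shortening quoted in the comment above, worked through as an added example (not code from the article or from the commenter). It matters to defenders because one address has several valid spellings, so allowlists and log searches should compare a canonical form rather than raw strings. The function names are hypothetical; output is lowercase with the first longest zero run shortened, which is the RFC 5952 recommendation and an assumption beyond what the page states.

```python
import string

HEX = set(string.hexdigits)

def expand(text):
    """Parse IPv6 text into a list of eight 16-bit integers."""
    if text.count("::") > 1:
        # Two gaps would make the number of elided zero groups ambiguous.
        raise ValueError("'::' may appear only once: %r" % text)
    if "::" in text:
        head, tail = text.split("::")
        head = head.split(":") if head else []
        tail = tail.split(":") if tail else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group: %r" % text)
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups: %r" % text)
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX:
            raise ValueError("bad group %r in %r" % (g, text))
    return [int(g, 16) for g in groups]

def compress(values):
    """Shortest text form: leading zeros dropped, longest zero run -> '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if values[i] == 0:
            j = i
            while j < 8 and values[j] == 0:
                j += 1
            if j - i > best_len:          # strict '>' keeps the first run on a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexed = ["%x" % v for v in values]
    if best_len < 2:                      # a lone zero group stays as "0"
        return ":".join(hexed)
    left = ":".join(hexed[:best_start])
    right = ":".join(hexed[best_start + best_len:])
    return left + "::" + right

def canonical(text):
    return compress(expand(text))

def is_valid(text):
    try:
        expand(text)
        return True
    except ValueError:
        return False

def same_host(a, b):
    """Compare two spellings by value, not by string."""
    return expand(a) == expand(b)

if __name__ == "__main__":
    full = "43FB:0000:0000:0000:0000:BB3F:A0A0:0000"   # address quoted above
    print(canonical(full))
    print(same_host(full, "43fb::BB3F:a0a0:0"))
    print(is_valid("ABCD::BEEF::"))                     # second '::' is rejected
```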

    1. Re:yet another worthless article about IPv6 by smclean · · Score: 5, Insightful
      I think you are being just a liiitle overly pessimistic here.

      Who cares if it's hard to remember an IPv6 address? Do you really memorize multiple IPs from multiple subnets that often? I can personally only think of 2 subnets I have memorized right now, and I work as a system admin full time.

      As for the shortages, you think that it's a good idea to have scarcity in the IP market just so people will be encouraged to run NAT? I think it's presumptuous of you to force conditions on me, personally I'd love to have IPs for each machine in my house, but I can't because IP addresses are hard to come by.

      And your last point, yes, ISPs are scumbags, but it seems that the fact that they price gouge for IPs would make you for IPv6, not against it.

      --

      "'Yrch!' said Legolas, falling into his own tongue."

    2. Re:yet another worthless article about IPv6 by tuffy · · Score: 2, Insightful
      Be thankful people don't have unlimited IPs in their house. Most people that want to have multiple computers connected to the Internet use a NAT router and at least protect themselves SOMEWHAT from the outside threats. Can you imagine what would happen if all the Comcast retards were straight to the Net with their own IP on each computer?

      People are going to buy some sort of all-in-one switch to connect their home computers to the internet as well as to each other, and that device will undoubtedly have a built-in firewall. That'll help secure the consumer-built home networks while unfucking the internet by removing NAT and its port-forwarding hacks.

      --

      Ita erat quando hic adveni.

    3. Re:yet another worthless article about IPv6 by Have+Blue · · Score: 5, Insightful
      Be thankful people don't have unlimited IPs in their house. Most people that want to have multiple computers connected to the Internet use a NAT router and at least protect themselves SOMEWHAT from the outside threats. Can you imagine what would happen if all the Comcast retards were straight to the Net with their own IP on each computer?

      Not all that much different from today, for 2 reasons:
      • 0wned PCs getting abused tend to max out the connections they are attached to. Once that happens, it doesn't matter if the traffic is coming from 1 PC or a hundred- only 1 upstream's worth of bad packets are getting onto the net.
      • I would wager that the vast majority of people who tend to get 0wned have only 1 computer. Any house with 2, 3, or more probably has at least one person in it who knows about security.


      ISPs make some good money (hell mine gets $5/mo more out of me for an additional IP) selling off static/dynamic IP space. You think Comcast is going to move for a switch when they make $10/mo per extra IP?

      If anything, they would take this chance to wage a renewed campaign of "you don't really need that router, please buy multiple IPv6 addresses".
    4. Re:yet another worthless article about IPv6 by airConditionedGypsy · · Score: 3, Insightful
      I would wager that the vast majority of people who tend to get 0wned have only 1 computer. Any house with 2, 3, or more probably has at least one person in it who knows about security.

      I'll take that wager. It would be interesting to see the distribution of security experts to households with computers. Sure, some households may have folks that know enough to go to windowsupdate every couple of weeks, but I'll bet you that qualified security professionals are quite scarce, and there certainly isn't any proof that a household with 3 or 4 computers is different than a household with 1 computer in terms of the number of persons familiar with security.

      Mom's machine, Dad's workstation, Billy's gaming machine, Suzie's laptop ...

      --
      I bootleg Fizzy Lifting Drinks.
    5. Re:yet another worthless article about IPv6 by shawn(at)fsu · · Score: 4, Insightful

      and that device will undoubtedly have a built-in firewall

      And that device will undoubtedly have a default password of admin.

      Oh just think of the phone we're going to have ;)

      --
      500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
    6. Re:yet another worthless article about IPv6 by pHDNgell · · Score: 2, Insightful

      Most people that want to have multiple computers connected to the Internet use a NAT router and at least protect themselves SOMEWHAT from the outside threats.

      Again, NAT does not enhance security. It just doesn't. I don't understand why people think it does. The thing that enhances security is your firewall. So instead of pretending like you get security because connections aren't mapped in, you ship home routers with a rule that says no connections may be established from the ``outside'' to the ``inside.'' Done. Then when someone wants an incoming connection, they tell the firewall to allow it.

      It works exactly like doing a new NAT mapping and allowing the traffic, except you don't have to do a NAT mapping and allow the traffic, you just allow it. Oh, and if you have two computers you want to do the same kind of thing, you allow it to two computers rather than trying to decide which one of your web servers gets port 80.

      NAT does nothing good for the internet. It causes confusion, it breaks protocols, it prevents certain types of connectivity from being possible.

      --
      -- The world is watching America, and America is watching TV.
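The rule described in the comment above ("no connections may be established from the outside to the inside", plus explicit allows), as an added example that is not part of the original comment and not any router's actual code. It is a toy stateful filter with no address translation; the class and method names are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation range, and flow expiry is left out.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

class StatefulFilter:
    """Default-deny inbound filter for a routed (un-NATed) inside prefix."""

    def __init__(self, inside_prefix):
        self.inside = ipaddress.ip_network(inside_prefix)
        self.flows = set()      # (inside addr, inside port, outside addr, outside port)
        self.pinholes = set()   # (inside addr, inside port) explicitly allowed

    def _is_inside(self, addr):
        return addr in self.inside

    def allow_inbound(self, host, port):
        """Operator rule: permit new inbound connections to host:port."""
        self.pinholes.add((ipaddress.ip_address(host), port))

    def check(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        if self._is_inside(src) and not self._is_inside(dst):
            # Outbound traffic is accepted and remembered.
            self.flows.add((src, pkt.sport, dst, pkt.dport))
            return "accept"
        if self._is_inside(dst) and not self._is_inside(src):
            # Inbound: only replies to a remembered flow, or an explicit rule.
            if (dst, pkt.dport, src, pkt.sport) in self.flows:
                return "accept"
            if (dst, pkt.dport) in self.pinholes:
                return "accept"
            return "drop"
        return "drop"           # anything else is not expected at the border

def demo():
    fw = StatefulFilter("2001:db8:1::/48")
    pc, laptop, remote = "2001:db8:1::10", "2001:db8:1::11", "2001:db8:2::99"
    results = []
    # Unsolicited inbound is dropped although the inside host is globally addressed.
    results.append(fw.check(Packet(remote, 40000, pc, 445)))
    # An outbound connection creates state; only its exact reply gets back in.
    results.append(fw.check(Packet(pc, 50000, remote, 443)))
    results.append(fw.check(Packet(remote, 443, pc, 50000)))
    results.append(fw.check(Packet(remote, 444, pc, 50000)))
    # Two inside web servers can both be allowed on port 80: no port mapping to share.
    fw.allow_inbound(pc, 80)
    fw.allow_inbound(laptop, 80)
    results.append(fw.check(Packet(remote, 40001, pc, 80)))
    results.append(fw.check(Packet(remote, 40002, laptop, 80)))
    results.append(fw.check(Packet(remote, 40003, laptop, 22)))
    return results

if __name__ == "__main__":
    print(demo())
```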
    7. Re:yet another worthless article about IPv6 by jadavis · · Score: 3, Insightful

      That's another "restrict their freedom for their own good" argument.

      The internet is successful because there is little central control (aside from DNS). When you start trying to solve other people's problems by mandating network policy, you end up with the "smart network, dumb terminal" philosophy of the phone network.

      The internet doesn't work when Joe can't connect to Jane because they're both behind NAT. By discouraging IPv6, and therefore forcing NAT upon large parts of the internet, you drastically limit the number of possible connections that users can make.

      Just because browsing and email work fine behind NAT doesn't mean NAT isn't limiting other new applications of the internet. And just because you can't think of new applications doesn't mean that the millions of people trapped behind NAT can't.

      In fact, people already have, and they get stuck behind NAT all the time. Game servers, P2P apps, etc.

      --
      Social scientists are inspired by theories; scientists are humbled by facts.
    8. Re:yet another worthless article about IPv6 by Dmala · · Score: 2, Insightful

      In fact, I'd be willing to bet that there are a lot of multiple computer households that are *much* worse off, because they are run by someone who *thinks* they know about security.

    9. Re:yet another worthless article about IPv6 by jadavis · · Score: 2, Insightful

      Creating game servers, etc, usually requires having an outside server with a dedicated IP address.

      The reason the internet is successful is that every user is a peer. One computer may be a server and the other a client, but the server could just as easily be the client and the client could just as easily be the server.

      Unless, of course, the client is stuck behind NAT and can't be a server. Maybe he could ask his ISP or sysadmin for permission to receive incoming connections on a specific port.

      When you tell some users that they aren't good enough to be servers, they miss out on potential applications. An example may be to create a game server and ask your friend to connect, or if you need to send your friend a large file over ftp and both of you are behind NAT.

      --
      Social scientists are inspired by theories; scientists are humbled by facts.
  2. Not a bad start...but a couple of things on IPv6.. by Agent+Green · · Score: 5, Insightful

    It's not a bad introduction, but since this is slashdot, I've got a couple of things that I want to point out:

    The article suggests that DHCP will no longer be necessary. This is not necessarily true. IPv6 autoconfiguration will get you an address to get onto the net at large, but it will not give you your DNS servers, time servers, or any number of goodies that DHCP is capable of serving up. Autoconfiguration does remove the need to define all kinds of crazy scopes, but it doesn't help with other configurable options.

    There exists a problem with multihoming small entities that need provider diversity in IPv6. Some companies are assigning each customer their own NLA, or /48s, giving the customer 16 bits of addressing power. However, customers of Tier 2 ISPs will only get a couple SLAs or so. If I am a small business with one of the SLAs, there is still the problem of BGP multihoming with this address space, and this absolutely needs to be resolved in the not-so-distant future. I don't think there's a facility where I can go to ARIN and request my own /48 to announce, say, between Level 3, MCI, and AT&T. While this might not make a difference to most people, it is a problem on the transport side of the house.

    --
    // Agent Green (Ian / IU7 / KB1JQO)
    // IEEE 802.3: All 10base Are Belong To Us
  3. Poor planning by MikeMacK · · Score: 5, Insightful
    The simple answer is that it is due to the very poor planning in the creation and implementation of IPv4 coupled with the unexpected explosive expansion of the internet.

    Was it poor planning? The article states that there was an unexpected explosive expansion of the Internet. I believe it's like the Y2K problem, they didn't think their programs would still be in use around 2000, so they only needed to store a two digit year. The same happened here, they didn't realize the Internet would become the World Wide Web, the New Economy, etc. Hell, even Bill Gates didn't see it coming.

    1. Re:Poor planning by smclean · · Score: 4, Insightful
      NAT may provide us with a nearly infinite number of IP addresses, but none of the addresses behind NAT are properly addressable; each one can only get ports forwarded to it from the external IP address.

      Therefore, there are only as many port 80's out there as IP addresses, and NAT cannot change that. IPv6 can.

      To me, NAT is just a hack. Having a handful of real IPs is to me much preferable than one IP, NAT, internal IPs, and a massively complex forwarding ruleset.

      Therefore, yay IPv6.

      --

      "'Yrch!' said Legolas, falling into his own tongue."

    2. Re:Poor planning by Neil+Watson · · Score: 2, Insightful

      Not enough organizations utilizing NAT. Also, many organizations in the USA have huge blocks of IPs reserved that they could never possibly use. I seem to recall reading that one university has an entire class A block.

    3. Re:Poor planning by mark-t · · Score: 2, Insightful
      Actually, with IPv6, machines behind a NAT _can_ be properly addressable, just as if they were "directly connected" to the Internet.

      The key to it all is the "extension header" support that is part of IPv6. You would use multiple headers in an IP packet. The outermost one referring to the IP of the NAT. The NAT then strips the first header out and forwards the remainder of the packet onwards. For outbound packets, the opposite happens... it adds an extension header indicating the IP address of the NAT. The actual data within the IP packet remains unaltered in all of this. So if a system isn't interested in raw IP, they won't see all the extension header stuff at all, only the original data that was sent. The construction of the appropriate extension headers could all be underneath the hood unless one were using raw IP, and the application programmer would not in general ever have to worry about it.

  4. I hate to ask a stupid question, by Scott+Lockwood · · Score: 1, Insightful

    but with virtual networking and CIDR, IPv4 is not going to die any time soon - why would anyone WANT to have to replace all their equipment (like routers, etc.) just to get IPv6 - the ROI doesn't justify the move.

    --
    But this is slashdot. A slashdoter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
  5. Very hard to read. by winkydink · · Score: 3, Insightful
    Not the content, the page itself.

    Note to web page designers:
    Dark characters, light background, sans serif fonts. Trust me. People way smarter than you and me have already figured this out.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  6. Only "10" IP addresses per person? by Vexler · · Score: 4, Insightful

    I don't think so. Even if he discounts the bits in the addressing architecture responsible for routing and local/global flags and just focuses on the global unicast address space, that still gives you 64 bits (see Section 2.5.4 of RFC3513).

    (2^64)/10000000000 = 1844674407.37 (approximately)

    And that's assuming ten billion total world population. It's not just ten addresses; everyone can network his/her own cold-fusion-powered TOASTER to the Internet and we wouldn't run out of IP's anytime soon.

  7. Re:ADD or ESL? by Anonymous Coward · · Score: 1, Insightful

    I couldn't agree with you more. Sometimes it amazes me the stuff that gets front page attention. Basically they read an MS IPV6 book and wrote a summary and it makes front page.

  8. Doomsday... by ARRRLovin · · Score: 2, Insightful

    The internet is getting too big! The only way to save it is by using IPv6!

    I have a feeling this is going to be about as successful as getting the United States to convert to metric.

    "She'll do 20 hectares on one tank of kerosene!"

    --
    -Randy
  9. Killer App Required by Anonymous Coward · · Score: 1, Insightful

    IPv6 won't take off until there is a killer app that requires it. It really is that simple.

  10. Distro-specific introduction by jgarzik · · Score: 3, Insightful
    Setting up IPv6 is actually quite easy these days.

    For Fedora Core users stuck without a direct IPv6 connection (read: most of the world), I wrote a quick IPv6 6to4 setup guide.

    6to4 is "automatic tunnelling", which in layman's terms means you don't have to bother your ISP or a tunnel broker in order to set up IPv6 on your network. Most OS's these days (not only Linux but *BSD and Windows) fully support basic IPv6, including 6to4.

  11. So very wrong, it's not funny by johne_ganz · · Score: 4, Insightful
    Another positive outcome of IPv6 will be better internet routing using QoS, Quality of Service, which routes packets based on priority.

    What? There is nothing in IPv6 about this. You can do this right now, today, with IPv4 by having a flexible queueing methodology and flexible packet pattern matching systems. Voilà. Any packet destined to network 1.2.0.0/16 that is TCP and port 80 now gets dumped in the high priority queue.

    QoS is also the perfect snake oil. In a practical sense, QoS only "kicks in" when there's contention, when there's more data that needs to squeeze in to the pipe than can fit. QoS makes the choice of which packet gets to go over all the other packets waiting to go.

    In other words, the only time QoS is of any good is when you are on an oversubscribed, saturated network, where there isn't enough bandwidth available to meet demand. In simple terms, the network is broken, and QoS just helps pick who gets screwed the least.

    Lastly, routing will be simplified because the IPv6 information header on each packet is far more flexible and can contain more detailed information than an IPv4 header thus allowing for faster routing of data across a network or the internet. Currently, most routers need to maintain as many as 48,000 different routes in their routing tables just to effectively route data that passes through them. IPv6 reduces this number by at least 75%.

    This, too, is just flat out wrong. The only way this works is if you have a "clean slate" and parcel out IP addresses in a country/provider hierarchical fashion. Want to move providers? You get new IP's, out of their block. Want to multi home? Well, that kinda blows the efficiency right out of the water because now your network is no longer contained within the provider's supernet, you have to announce your individual network both via your provider and wherever else you're peered. Therefore, you just added networks to the global routing tables.

    Now, quick show of hands... how many of you want to run your systems off a single homed, single provider only network? And please, none of this god awful "let the router pick which source IP to use!" crap.

    Also, if you're worried about IPv6 requiring you to change all of your software, learn new protocols, new methods of connecting, new ways of sending and receiving data or anything like that, fear not. The only thing really changing with IPv6 over what was in IPv4 is that you now have a larger address space which allows for more network addressable IP addresses, a more flexible header and packet system, and faster routing.

    Yea, you don't have to change a thing. Not any of your software, or nothin'. Of course, you do need a whole new IP stack to talk IPv6, but that's pretty minor right? Windows folks can make this change by simply cracking open their registries and changing the IP Version key from 4 to 6. Ta da!

    Faster routing? How's that? Does it make sense to anyone that looking up a 128 bit address is going to be faster than looking up a 32 bit address? There's more to look up.

    Furthermore, all routers worth their salt use hardware accelerated forwarding engines these days. Modern BiCAM's or (nearly always) TCAM's can do single cycle lookup of an address out of a potential 512K entries. It doesn't matter how many entries there are, it can always find the correct match in a single cycle. And 512K entries is a bit more than a default free routing table (~140K entries) that's common today, so there's no worries there.

    The catch is, most of these hardware lookup engines are hard wired for IPv4, and can't easily be extended to IPv6, which means the packets become exception packets and need to be dealt with by the CPU. The CPU lookups are orders of magnitude slower than the hardware lookups. This means that performance for IPv6 goes right through the floor for most routers. Newer routers/blades are starting to come with IPv6 hardware accelerated, but there's an awful lot of infrastructure out there that has no IPv6 hardware acceleration.

    Therefore, for most people, IPv6 will initially result in a significant performance drop in terms of packets per second over IPv4.

  12. Re:Remembering IP Addresses by JonKatzIsAnIdiot · · Score: 3, Insightful

    Contrary to popular belief there is very little added security
    Really? They block incoming connections to a computer, which is a great security enhancement. A NAT box will prevent you from accidentally sharing your hard drive with the world, unless you explicitly allow it. An unpatched Windows machine lasts 16 minutes or so before being compromised - unless it is behind a NAT box. You will also be protected from all worms that depend on incoming connections to propagate, as well as Messenger spam.
    So - please explain to me what is so insecure about NAT.

  13. Re:what's all the hubbub, bub? by andfarm · · Score: 3, Insightful

    MAC addresses aren't guaranteed to be unique, and they're useless for routing. You can look at the IP address on a packet - whether IPv4 or v6 - and quickly tell where it should go next. You can't do the same with MAC addresses, though: routers would have to keep a table of every single MAC address on the Net (!!) to route packets properly.

    --

    TANSTAAFI: There Ain't No Such Thing As A Free iPod.