Slashdot Mirror
Accelerating IPv6 Adoption With Proxy Servers
jgarzik writes "IPv6 presents a catch-22: the most popular web sites on the Internet
don't have any incentive to switch to IPv6 until a large portion
of their userbase is on IPv6, and their user base does not have a
large incentive to switch to IPv6 until many of the popular Internet
destinations support IPv6. My proposed solution is simple: Configure a proxy server that
serves IPv6 requests, passing those requests through
to underlying IPv4-only servers that not have yet been transitioned
to IPv6.
This article describes how to configure Apache's proxy server to fill this role, and suggests a few ideas for use."
Make sure they're open to the public too. You don't want to be a stingy admin right? You should share your proxy server with the world.
This page/site already does it.
By having an open proxy anyone can send/receive data via your proxy server (duh). There are implications: e.g. I've seen someone's server bandwidth being used to serve images in a spam (pr0n) email.
If you don't want people hiving off your bandwidth and potentially using your server's bandwidth for puposes you wouldn't normally approve of, then consider controlling your proxy access.
--
Use your VPS proxy powers for the powers of good
Is it just me? I can't see any AAAA records for ipv6.org itself. I would have thought they would be the FIRST to change.
Karma: It's all a bunch of tree-huggin' hippy crap!
An extra hop to go through on my web surfing adventure...NOT ON MY WATCH!
IPv6 was primarily designed to solve a *problem*.
That problem was IPv4 address space exhaustion.
If the problem isn't hurting people on either side (client or server), then there is no reason for them to migrate to IPv6.
For people in certain heavy net using countries (such as Japan and S. Korea) which have received a smaller slice of the IPv4 pie, then there is more incentive to move; for the vast bulk of the world there is very little incentive to move to IPv6.
The solution is more ISP support. This is where you vote with your wallet. If your ISP doesn't support IPv6, find another. Same goes if you're hosting a Web site. They will eventually catch on and begin offering IPv6 more widely.
US businesses that currently accept chip and PIN/signature
ISPs providing IPv6 at the same time than IPV4 addresses, at no extra cost, would help. But of course, they will want to give you one, not a group, and for a fee, if they ever use them soon (in some places you have to pay an absurd quantity for a fixed IP with cable or dsl... in the range of more than a small hosting that has an IP but includes the machine power & renting and a similar network monthly usage you could get with dsl always transfering). So I will not hold my breath.
IPv6 will take over just like anything else. When it reaches critical mass and demand forces it. Probably starting in SE Asia and moving westward.
I'm not drunk, I just have a speech impediment. And a stomach virus. And an inner ear infection.
Silly people.
A reverse proxy server (http accelerator) must be open to the public.
However, that does not mean the server is an "open proxy"... the proxy configuration only proxies for the specific web sites listed in the configuration file.
It seems to me that it would be really useful if the little off the shelf linksys/dlink/netgear/etc. routers did ipv6. I don't see it really being used until hardware starts using it.
On top of that it's my understanding that NAT should go away with ipv6. What is everyone with an internal network to do for IPs then? I've heard you can get free ipv6 blocks right now but they can be revoked once everything goes "live" but I don't want to deal with that.
Ultimately I guess I really want NAT ipv4 for inside my network until my hardware can hand out ipv6 addresses that I own forever.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Not until IPv4 addresses run out.
Users need a clear advantage to switch any technology (even trying to get them to switch to mozilla is painful).
What advantages do normal users see from IPv6? Other than being able to give their toaster net access, I see no benefits for them.
Users will switch when ISPs and Microsoft tell them too (and even then they will not know the difference). ISPs (and MS) have no incentive to switch since the lack of IPv4 doesnt seem to be a problem in reality.
From there:"
Why does this service exist?
There appears to be a chicken and egg problem in deploying IPv6; ISP's serving endusers don't want to do it yet because there isn't any need for it from their clients, Hosting companies don't do it yet because there isn't any demand yet either from clients... Thus, we made this gateway, which allows users who do have IPv6 to get to all the content in the IPv4 world. If you don't have IPv6 connectivity (yet) you can of course try the SixXS Tunnel Broker.
This is essentially the same observation and the same solution except that it focuses on getting ISPs (clients) to support IPv6 rather than servers.
Nice try, but that's not a Catch-22.
A Catch-22 is when the solution creates the problem. From the book (yes, there was a book) if the doctor diagnosed you as crazy, you didn't have to fly any more bombing missions. The catch was that you would have to be diagnosed crazy by a doctor to want to fly more bombing missions. Thus, by achieving the status of "unfit to fly", you were actually certifying yourself to fly.
What we have here with IPv6 is two parties with no immediate reward for an investment. If one of them stepped forward, the other would step forward, and the world would enjoy IPv6. There is nothing about this that is remotely close to a Catch-22.
I really wish that the w3c would also adopt for the client side of the http protocol support for the SRV records. (also wouldn't be a bad idea with MUA's) How many would like to see the ability to have your content on multiple locations without costly equipment, or lb'ed dns
That killer app may be VoIP. If everyone wants their own IPv6 phone number.
Or that killer app may be someone coming up with an awesome spam/virus/security solution that requires features found in IPv6.
But just wanting people to switch for no good reason will never work. Market forces...
Ironically, the word ironically is often used incorrectly.
A reverse proxy or http accelerator with IPv6 on one side and IPv4 on the other.
That is mightily impressive and you certainly are a genious of our time.
I don't need no instructions to know how to rock!!!!
My 10.3 PowerBook seems to have both IPv4 and IPv6 running at the same time. Currently my Airport's IPv4 address is 10.0.1.25 and my airport's IPv6 address is fe80:0000:0000:0000:020d:93ff:fe88:f5c4. I can visit both http://ipv4gate.sixxs.net/ and http://ipv6gate.sixxs.net/. Does this mean my computer both has an IPv4 and IPv6 address, and I can visit both IPv4 and IPv6 websites? Maybe I am just missing the point of this news post.
This page was generated by a Barrel of Circus Midgets, and that is the way I like it!!!
And get me some IPv6 addresses? Which, if any, ISPs/hosting companies support IPv6? Who do I talk to to reserve me a chunk of space so when my bacasswords ISP gets in line, I can get me some public IPs for my boxen at home?
I've laways been surpised that more people haven't seen this coming. It will take a lot of time before the majours ever do, and even then they'll reap the rewards.
Your CPU is not doing anything else, at least do something.
"If you don't want people hiving off your bandwidth and potentially using your server's bandwidth for puposes you wouldn't normally approve of, then consider controlling your proxy access."
Not any different than the argument that if you release your works into the wild (intentional, or not), it's free for people to do whatever they wish with it (Including massive copying, or consuming server resources). The usual following argument when the above is pointed out, is. "If you don't want us to do what we please with it, you shouldn't expose us to it.(1)"
(1) The subtext is: We can't control ourselves.
40% of the IPv4 address space is unallocated, and much of the allocated space is probably unused.
Sounds like a funny solution to me. Why not just multi-home the webservers? No extra hardware, extra point of failure, simpler, less dependency, etc.
The issue with ipv6 adoption is not an issue of servers or clients, it's an issue of routers.
ISP's need to adopt ipv6.
Tunnelling won't push adoption, but it might help YOU if you need to work with someone who is using ipv6.
I didn't really read all of your post, but in point 1 you say that Cisco routers use the CPU to process IPv6 packets. This seems nonsense to me, IPv6 has a fixed header length at 40 bytes, unlike IPv4 which uses a variable header length. A fixed header allows a router to process the packet in hardware, unlike IPv4.
Sure, China and Korea would like billions upon billions of addresses, but that's because they've spammed their IPv4 address space into every blacklist on Earth.
CEE5210S The signal SIGHUP was received.
Isn't this just 6to4 which has been around for ages?
IPv6 has a fixed header length at 40 bytes, unlike IPv4 which uses a variable header length. A fixed header allows a router to process the packet in hardware, unlike IPv4.
But the routers have specialized hardware to parse IPv4 headers, and no such hardware for IPv6. A fixed-length header is easier to handle in hardware, but that's irrelevant in this case.
Okay, maybe I'm ignorant, but can't websites just dual-home on an IP4 and an IP6 address until IP4 becomes obsolete?
Seems like a simple migration plan to me. Maybe I'll try it myself...
that's not entirely true. ipv6 still has an options field that, while better
designed than that in ipv4, is complex to process.
which offer IPV6 service?
"To those who are overly cautious, everything is impossible. "
I'm sure your other points are quite valid, but I challenge this one:
"The world does not need more than the 4 billion addresses available with IPv4, and I challenge you to come up with an application that requires that many"
Imagine a near future with 10 billion people inhabiting Earth. Each of those people might potentially have one or more personal computers, a cell phone/data assistant, a handheld wifi gaming platform, a network-aware TV and stereo equipment, and other devices that we haven't thought up yet. A person might have some of these things at the office as well.
If all these devices of the future are to be networked together, even 100 billion addresses might be insufficient.
Paul
The IP numbering allocation in IPv6 is hierarchal, which they are not in IPv4. The first 16 bits are the FP and Top Level Address (allocated to "trunk" cos like MCI), the next is a 32 byt "Next Level Addres" allocated to ISPs, and finally "Sight Level Address"es allocated to people like you and me.
At the moment many routing tables on the trunks have thousands of entries, increasing as allocation of IPv4 becomes more and more fragmented, significantly slowing down the trunks. IPv6 will mean considerably fewer routing table entries there, increasing performance.
Although the raw IPv6 header is larger than the minimum IPv4 header, a system of, in effect, encapsulating parts of the headers in the data packet that are not needed in routing exists where it does not in IPv4 (such as those needed in TCP). The savings there should more than make up for the degregation in increasing the minimum size of 20 to a fixed size of 40.
It is a misconception that IPv4 produces 4 billion IP addresses for the world to use. By the time all the university's Class A addresses and all the wasted IP addresses of those who have networks with machines missing are considered, all the network and bradcast addresses and so on are also considered you will be lucky to see 3 billion. In fact I would not be surprised if the figure was nearer 2. This may be enough for the Western World but not for Asia as well.
IPv6 is also neccessary to adopt the up and coming internet technologies, such as those that use MultiCast (IPv4 implementation of this will NEVER get adopted). I agree with you that it is the routers that are holding this back - but once an area is enjoying the benefits of IPv6 then I believe it will rapidly spread.
My 2c worth....
Web Sig: Eddy Currents
It is true that ARIN will not give you a really small (/24) block of portable space.
It is true that you cannot own IP addresses.
That has nothing to do with the fact that there is no address shortage (under a sane usage model).
The overhead hit isn't quite as bad as you suggest for typical HTTP content. The packet size is typically >1300 bytes and IPv6+TCP is 60 bytes compared to IPv4+TCP at 40 bytes. I make that 1.5% for real data transfer
So what can I do? Are there any national cable or DSL ISP's I can sign up with? I can complain to my ISP all I want but it's not like anyone would give up their ISP simply because there's no IPv6 if they don't have an alternative. Does anyone have ideas as to what a regular old user interested in helping this technology can do?
with HDTV. Now look at the market. Its booming. It takes alot of variables beside the two mentioned in this article to make it happen. But it will one of these days. HDTV had the government behind it in setting a deadline date that forced the industry to convert. And it will most likely take another forced change to make IPv6 come to light.
Quit thinking so 2 dimensionally. IPv4 lasted about 2 decades. IPv6 should last us much longer and through more incarnations of the internet. Imagine nearly every device you own having its own unique IP. NAT is a duct tape solution that will end up causing more problems in the long run. No more going over to grandma's house to set up port triggering/forwarding on her router when she wants to try a new program.
Is there any reason we can't convert an IPv6 address to base 36 so we humans can use alphanumeric strings? It should be a lot easier when we want to give someone the number to our new WAP enabled cell phone. And the memory problem... would have been a problem... if we were still paying $100/meg.
It's already been demonstrated that the error checking and other transmission control routines of TCP/IP have entirely too much overhead for modern technology. I wish I could dig up the old article on
This may be a bit OT, but I'm reading many people talking about NAT like it's some horrible thing.
As a longtime NAT user I like the fact that just one of my computers is hooked to the real internet and the others can't be diddled by outside computers.
Even if I had unlimited IPs, I'd still probably do it this way.
vk.
Most people know that IPv6 delivers a bigger address space, and IPSec security. But what ever happened to its multicast tech? Is anyone sending a single multimedia stream over IPv6 to multiple recipients, without having a separately addressed packet stream like in IPv4? That feature would be the most timely, arriving just as large audiences are developing for online streaming multimedia content.
--
make install -not war
Of course, we now know that NOT having proxies has been a disasterous mistake. I can only hope the IPv6 community in general can accept that.
IPv6 is more than just addresses. You have utterly transparent mobile IP. You have automatic network configuration. Anycasting allows you to request a service and have the closest server respond, without you needing to know where that server is. You have almost-mandatory IPSec - which is more than just encryption, it authenticates that the machines are who they say they are.
IPv6 is a valuable tool. Back in the early days, I ran the first registered IPv6 node in Britain. At its peak, I had 10 tunnels running across Europe and the US. That was using IPv6 under Linux 2.0.20, using the-then VERY experimental IPv6 patches that existed. It started with static routes, but I later moved to MRT and finally Zebra.
MRT and Zebra are now fast-decaying abandoned project, as far as I can tell. The only Open Source software router I can find is Click, and whilst it's good, it doesn't have the developer- or user-base to be confident that it can really do more than be a nice experimental project.
(Any distro authors out there SHOULD put it in their distro, if for no other reason than the fact that Linux will cease to be useful as a router platform, if the last remaining projects don't get adopted.)
IPv6 would benefit from having an IPv6-over-IPv4 protocol defined, much in the same way that SIT defines IPv4-over-IPv6. Again, I've argued this from the start. The idea of a migration to IPv6 will NOT be realised or realisable until the average person can plug in an IPv6 address into a browser or some other network software, without having to care about the fact that it is IPv6, and see a result.
Once IPv6 is truly transparent to the "unwashed masses", you'll start to see people adopting it. After all, it IS easier to configure and maintain. That would make people like ISPs very happy. Less time wasted on network maintenance means more profit for them. And nobody is averse to getting a little richer, a little quicker, when it costs nothing to do. You even have the bonus that it's legal and ethical (though some wouldn't care about that part).
Because IPv6 supports host authentication, it's great for Joe/Jane Average, too. It's harder to spoof mail addresses, when the mail server can validate the transmitting machine. That won't eliminate spam, but it will make using fake addresses slightly harder, which will give people a little more confidence that the sender is who they say they are.
Because multicasting is part of the standard, it also means that video streaming to multiple recipients will be less savage on the network. Once people realise that you can get damn near TV-quality reception by multicast, versus 5 seconds a frame (with tiny, low-grade frames) via a typical webcast, who in their right minds will go back to that worn-out way?
(And by near-TV standard, I'm talking NTSC or PAL resolution at 15 to 20 frames per second. The bandwidth would be impossible to maintain, if the server had to do point-to-point to every recipient, but it's very doable over a multicast transmission, and it's very normal for any of the multicasts advertised using SDR or similar tools.)
The technology that people have, right now, versus the technology researchers have had for decades is pathetic. What you can buy as top-of-the-line off-the-shelf today was commonplace in most research labs 10-15 years ago. Some of the slow adoption comes from wanting to really test the technology. Most comes from corporations dragging their feet and exploiting the time-lag to squeeze their victims^H^H^H^H^H^H^Hcustomers for every penny they h
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Well, yeah. But that does little good until their providers upgrade.
Getting an ISP to make large technical changes is too not hard..
Getting any of the union telco/comm workers to lift a finger in the name of change; that is the hard part.
Network folks at Brown actually have a clue. You do not. NAT is network address translator, and the common MTU is around 1450.
People will use IPv6 when they need it; when every device you have needs it's own internet connection, and routing/NAT will no longer do- providers will switch to IPv6, it'll happen basically overnight, though the use of a consortium.
And even then most people will just take there shiny IPv6 address, NAT it and use IPv4 internally.
-Millions of Monkeys, Millions of typewriters, 6 hours of sorting through faeces encrusted pages to find: This post
After creating these gateways what is the incentive for users to switch? What is the incentive for popular destinations to switch? In both cases I think the answer is none.
No. The answer to rapid IPV6 deployment is for someone to create an IPV6 only P2P network with a ferocious amount of free porn and mp3s. The next day everyone will be upgraded to IPV6.
MOD me up this is both funny and the truth!
Plus it is nice to be behind a firewall.
This issue is a bit more complicated than you think.
Though SSL can sort of be proxied (without a man in the middle attack, that is), would this work for https sites?
How much does it cost to move a family from a town whose incumbent high-speed Internet providers do not provide residential IPv6 service to a town whose incumbent high-speed Internet providers do provide residential IPv6 service? Or do you expect each Slashdot reader to start his own fixed wireless IPv6 ISP in each town and figure out some way to connect it to some sort of IPv6 backbone?
Okay, I won't argue with you there.
It's deliberate overkill. It allows things like 64-bit subnets, which in turn allow for stateful autoconfiguration. It also allows for large chunks of address space that won't be allocated at all; if it turns out in the future that our current allocation method is inadequate for our needs, we can simply devise a new allocation method in this empty space, rather than having to migrate to a whole new version of IP.
Yes, if an IPv6 router had to hold nearly 150,000 routes in memory like it does in the current IPv4 world, it would be massive. Fortunately, IPv6 is designed to have properly aggregated addresses, so that things are much more hierarchical, and routing tables can be stored much more efficiently.
Aside from the fact that more and more connections are using much larger MTUs these days, IPv6 also supports more aggressive header compression than IPv4 did, often resulting in similarly compact headers.
\\'
Please, correct me if I am wrong.
Isn't the internet IPv4 only and IPv6 is archieved thru
encapsulations like The 6Bone ?
If so, what's the point of worring about sites not being in the 6bone?
If I am wrong, can you post some links please?
Thanks
Hell you don't even know NAT is Network Address Translation, no wonder you can't understand IPv6.
One of the problems with addresses is that people were gobbling up huge blocks of them (there are some entities with their own *class A* network... overkill, I should think).
But yeah, I'm pretty sure we're not going to run out of IPs *just* yet...
Currently, no. If we keep getting more and more of the world's population on the Net, we will, though. Eventually. Right now, we could easily salvage enough IPv4 addresses to keep us happy just by getting rid of the absurd Class A addresses. Nobody needs that many addresses, and the various institutions that are currently claiming them would never miss most of them.
Good, inexpensive web hosting
I appreciate your candor and willingness to make sacrifices for the future gain of the
In response to:
/64 address space, this means 2^64 customers, instead of 2^128. Besides, who cares if it's too big, unless it causes problems (see points 3 & 4).
/56 (which would be the equivalent of a Class C for an ISP), they can get a /48 (which is the equivalent of a class B). I'm sure the larger ISPs can get more than a /48. And any small to medium ISP ought not to need more than a /48.
:).
Point 1: This is a current technical limitation which, while admittedly a problem, will no doubt go away as soon as large-scale IPv6 use begins (due to pressure on Cisco).
Point 2: No doubt the same thing would've been said about IPv4. While I agree we'll never use them all, we don't expect to either. If every customer gets assigned a
Point 3: The plan is to greatly reduce the size of routing tables by allocating people large and contiguous blocks, if I understand correctly. So rather than a
Point 4: 3.4% longer? Well, by the time IPv6 comes in, new technology will most likely have made people's downloads 3.4% faster.
That's my theory anyway. Everyone please expose my ignorance, and argue; at least the discussion is still going
I am running MacOS X 10.3.5 behind a Belkin DSL router. I followed the instructions here. I then tried 'ping6 www.kame.net', to which I get 'ping6: UDP connect: No route to host'. I then follow the instructions here, and then trying ping6 again I get:
[localhost:~] userx% ping6 www.ipv6.digital.com
PING6(56=40+8+8 bytes) 2002:0:0:1::1 --> 3ffe:1200:2001:1:8000::2
ping6: sendmsg: Network is down
ping6: wrote www.ipv6.digital.com 16 chars, ret=-1
If I play around too much I get a kernel panic. Anyone have any ideas?
Jumpstart the tartan drive.
Cisco routers suck at IPv6. Many of cisco's routers use the router's CPU to process IPv6 packets instead of the fast-path
..downloading stuff will take 3.4% longer
:(
If by "many", you mean old 7200's, then yeah. If by "many", you mean their flagship products with recent hardware, then you're quite wrong. If you went to their website and read product notes, you would see that the 12000, 10720, 6500, and 7600's all do hardware forwarding of IPv6 packets.
There are too many addresses
Exactly how is that a short-coming? It's not. That's like saying my computer has too much RAM to run calc. The point is to accomodate future needs and it does just that.
IPv6 addresses are too large. The problem with a 64-bit network prefix is that routing tables become massive
I don't know what type of math that is using, but the idea behind IPv6 is to have smaller routing tables. Any IPv6 document gives details on this. You don't have nearly as many address blocks to deal with and it becomes much more manageable.
The IPv6 header is too large. IP networks have a requirement that the minimum MTU supported must be 576 bytes
What networking technologies use such a low MTU in today's world? Generally, 1500 is used, even 9216 and 64K are common in LANs. While there is a slight overhead increase, it's not even noticable even to real-time applications, and given any modern networking technology, you won't notice any difference at all.
If this is an example of what most people are thinking about IPv6 out there, then the true barrier is misinformation (or lack of). And that's sad.
What killer app do you envision that will move residential customers to demand a /64 of globally routable IPv6 space?
My network seems to filter out normal ipv6 tunneling protocols, so I can't establish a connection. Are there any free tunnel brokers which can establish a tunnel over TCP or UDP?
If you're so confident that your dissertation has academic merit, why don't you put your name to your post?
1) No arguments, mainly because I don't know about the architectures of the Cisco and Juniper PEs used.
2) For a post-grad student, you don't seem to know much about IPv4. Almost 17 million addresses taken by each of 127/8 and 10/8. Another million gone with 172.16/12. 192.168/16 rounds that all out to about 36 million. Almost one percent of the address space gone, just on reserved ranges. The experimental ranges take some more space again. Then there're all the network and broadcast addresses, with CIDR making that problem worse, even while it does solve the issue of giving organisations blocks of space that're wildly in excess of their requirements.
3) I dunno who makes your NIC, but all mine have a 48-bit MAC.
IPv6 does nice aggregation. Routers only need to know about their immediate network, everything else they see as an aggregation. So rather than knowing about every
Plus, RAM's cheap. Even the Kingston stuff you need for Ciscos. Couple cheap memory with the very good route summarisation in the IPv6 spec, and it's a non-issue.
4) The current IP network has these restrictions. With jumbo frame and the various other techniques now in existence, you don't think it's possible that part of the migration to IPv6 will be to throw a few more bytes into the packet size?
I can't belive you got a +4 (Informative) for that load of tripe. No wonder people have no respect for the moderators!
"God, root, what is difference?" - Pitr, userfriendly
IPv6 already specifies a range of addresses that map to IPv4 addresses.
May we never see th
"Cisco routers suck at IPv6."
Actually, you could probably just shorten this to "Cisco routers suck."
"You can't fight in here, this is the war room!"
A few quick issues with your points, just be glad I'm not on your review board, it wouldn't be pretty.
Oh, and if you actually read said RFC you would learn that it is not a solution, it is a bandaid. Just read the abstract:
For those gamers that enjoy the old online text games, I have a java telnet mud client with a packaged proxy server. The proxy server was developed with a focus on the client, but supports a robust area of features.
Initially I was against using IPv6 for the service, yet the developer whom created the proxy for my java applet was using IPv6.
I believe we will begin seeing more IPv6 support throughout the internet. Currently it is still considered a geeks toy, but as more software is released with IPv6 support, it will become common programming practice.
Take a look at this proxy program that is packaged with a java mud applet client for websites at:
http://www.mudmagic.com/java-client/
It isn't as supported as Apache, yet has been extensively tested on a high-profile server, and offers: port assignment, set-uid, logging, access control list, daemonizing, and a few other snazzy features.
My Thoughts, Kyndig
Part of your IPv6 address is your MAC address. You will never not have a fully routable address under IPv6 because there are just that many of them to go around. Basically your ISP will have their prefix, and each of your devices will append it's suffix, derived from the MAC. Thus an end user will never need to get their own static IPs, they'll have them automatically. The only people that will need to acquire space are ISPs, corperations, universities, etc that want/need to have their own dedicated prefix(es). Since you don't need that, you just use your ISP's prefix.
Seriously, what problem is this solution solving?
:)
I run ipv6 here at my site, every PC ont the LAN is using it.
Inside the LAN its almost totaly native IPv6. Only the printers are IPv4 only. When surfing the web, the users browser does a AAAA DNS lookup, if it succeeds, then it does a native IPv6 connection. If you try to connect to IPv4 only site (very common), then the PC initiates an IPv4 connection. Our Internet router provides the IPv6 tunnel and does NAT'ing for IPv4. Its all totaly transparent, requiring no end-user setup or mucking around with.
I regularily use IPv6 websites, and I don't notice that they are IPv6 unless a) the website notifies me I'm connecting over IPv6 (eg http://www.ipv6.org/) or b) i look at the traffic going through.
The only thing I could do to "improve" the situation here would be to have my ISP IPv6 aware, so I didn't need to use a tunnel broker.
The way that would work would be the ISP would issue a single IPv4 address and a IPv6 prefix on connect. Then the would would be a great place
All my applications I write are IPv6 aware, infact they are primarily IPv6 applications with fallback to IPv4.
Most applications you use today are IPv6 aware. The next step for IPv6 is hosting companies and ISPs proving IPv6 natively. This will happen once the backbone routers are fully IPv6 aware.
Nick
I use to have a funny sig, but slash cut it off, and I forgot what the punchline was.
At the current rate of non-progress, IPv6 will never reach critical mass. IPv6 needs a jumpstart.
IPv6 is getting its jumpstart. From the upcoming mobile IP vendors. They want IPv6 for tracking their phones/modems (for which they can't buy enough IPv4 address space to be confident of not hitting a wall). So they have made it a checkbox on equipment acquisition (i.e. you don't sell 'em a router unless it has IPv6 - period).
Since they're talking equipment purchase totaling into the billions this is NOT something the equipment vendors are ignoring.
Once there's a bunch of endpoints out there that can only be reached by IPv6 (or NAT/tunnel servers bridging to it) there will be a lot of pressure to migrate the rest of the net.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
You pretty much lost your credibility when you said that 128-bit was "too many" addresses.
For one thing, this is the kind of short-sighted thinking that brought us the year 2000 problem and IDE disk limits jumping from 8 GB to 32 GB ("I know, let's add 4 bits! that'll hold us for a while") to 128 GB ("wow 4 bits didn't last long at ALL, so... um... why don't we try... uh... adding 4 bits?") before they finally had a brief flash of sanity and actually jumped up to the current system (48-bit addressing, which gives huge amounts of space).
More importantly, you really lost me when you said "the world does not need more than the 4 billion addresses available with IPv4". Well, first of all, we already have more than 4 billion people on the planet. Second, cell phones are becoming damn near ubiquitous. If every cell phone had an IP address, we could hit 4 billion IP addresses within a few decades, potentially. But most importantly, you don't seem to realize that addresses are never allocated with 100% efficiency and that there is a HUGE, HUGE real economic cost to increase the efficiency with which addresses are allocated. The less efficient you HAVE to be with allocating IP addresses, the less you have to have arguments with ISPs about whether they should really give you the 256 addresses you want when you might only need 128 of them. That kind of thing is a huge waste of time that only comes about because of address scarcity.
It's not simply enough to add a few bits. What's needed is to add so many bits that at every administrative level where address allocation is delegated outward, there is not scarcity. Ideally, addresses are so plentiful that even if one (or more!) of these administrative levels makes a horrible, gross misestimate of the part of the address space it needs, then everything still works smoothely and there still is a surplus. Keep in mind that there can be several administrative levels, such as continent, country, backbone company, backbone reseller, ISP, ISP reseller, ISP's (or reseller's) customer, plus all the different administrative levels within the customer's organization. Think of a tree with potentially up to 10 or so levels and with a branching factor that could be in the thousands. Just how many leaf nodes does such a tree have? I'm starting to doubt whether 128 bits is really generous at all!
Bottom line is, it looks like perhaps the only thing you're looking at is the ease with which the protocol lets you built an efficient router. That is nowhere being the only important thing involved here.
(Furthermore, as a bit of a tangent, why does it matter if the network portion is 64 bits? I don't see how this makes routing tables have to be really huge. A routing table will be basically a hash, and the size of the hash only needs to be proportional to the number of entries in the hash, not the size of the datatype from which you compute the hash function! In theory, we could use 128-byte null-terminated C strings as the network portion, and as long as you have a good hashing algorithm, the routing table doesn't change size. So I'd really like to know how you concluded that 64-bit integers are a big problem for routing tables. The only problem is if the actual number of routing entries goes beyond 2^32, and you know what? If it needs to go beyond that, then IPv4 has by definition reached the point where it's inadequate. In other words, if the routing table grows too big for the router to handle, that's a function of the network topology and size, not of the size of the addresses used by its protocol.)
Subject line says it all.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
You hire based on posts seen on slashdot? YHBT. YHL. HAND.
1)Old Cisco routers don't have fast path hardware for IPv6, all current enterprise class hardware does.
2)Bullshit, how many people are there on earth again? How sparse is the IPv4 address space again? Thought so. Btw NAT stands for Network Address Translation.
3)Actually due to much more intelligent route agregation IPv6 route tables are SMALLER.
4)Average headers are roughly the same size, 20 bytes is the minimum but average is considerably larger. Also real world MTU's are bigger than 536 bytes except on ATM transported networks so the impact is even smaller.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Look for the well thought out and accurate beginning, the claim to authority, and the slow and deliberate insertion of false and self-contradictory material:
1. Cisco routers suck. Pointing at outdated data.
2. There are too many addresses: Incorrect number of addresses per m^2, it's closer to 6.6*10^23/m^2. straw man argument about being unable to conceive of a use for all those addresses (despite giving a valid use in statement 3)
3. Routing tables only care about physical networks, not all possible logical networks. We will have to deal with growing routing tables as physical routers increase anyway.
4. States that ipv6 header has twice as much overhead as ipv4 despite showing that it's actually 3.4% overhead for most packets.
Remember, if it starts out relatively sane but gets crazy, it's an AST.
i remember my professor introducing me to ip6 a few years ago, and one of the major things he touched on was tunneling through ip4 networks. soooo what was the problem, and why does this article make it seem like it needs more software? did that not end up implemented by default?
BGP currently shows roughly 1.3B addresses as being routable. That represents a little more than 25% of the IPv4 space.
/8's around and a ton of academic institutions (MIT) and large corporations (Eli Lilly, etc.) that received /8 assignments back in the day.
/8 recipients from that time wont either.
e
There are alot of special use
I can not imagine MIT utilizing 16.7M IP's, and most other
For more information see http://www.iana.org/assignments/ipv4-address-spac
Note to moderators: This post always shows up every f**king time IPV6 is even mentioned. As you can tell from the replies it's generated, most of the objections are BS and/or out of date.
how will this, or any, proxy affect VPN connections? does the translator in 2.4 kernel know about ipv6?
Subject line says it most, anyway.
how to invest, a novice's guide
Well first thing that ran through my mind is that I should toss any resume from anyone what has a BS from Brown University. And you are full of it.
Then I saw it was for your disseration. Silly me.
So lets see if we could find a position for you, assuming you are not a professional troll.
1. Cisco is not the only network equipment vendor. And you can get wire speed IPv6 performance with Cisco or other "lesser" vendors, it depends on the product, not the 2506 you leaned on while overhearing "talking-points." Maybe Purchasing?
2. You are short sighted, so that rules out Planning or Management. Your NAT decode is fubar. There are not 4 billion addresses available if you exclude RFC 1918 non routables and class D and E are likewise unallocated as sources. But a more convincing point would have been that networks 89-126 aren't even allocated yet. Thats about 654 million addresses we still have not even handed out, and that is just the biggest chunk.
3. 56 bit ethernet addresses huh? Not going there. Massive routing tables? Have you read anything about IPv6 routing and TLA heirarchy, or come across the term aggregation in your 92.5 seconds of research? Since you can't remember numbers, and dont know what an RFC is after doing a dissertation, I'm afraid Accounting is not for you and Engineering means reading and understanding specs, so ixnay there.
4. Bloated? We went from 2x32bit addresses to 2x128bit addresses in the header, a 4x increase, yet the overall header only increased by 2x? That is not bloating, that's good engineering. Bloat is when you increase the address size 4x and the whole header grows 16x. I'm afraid you definitely are not cut out for engineering.
Since you did manage to get some buzzwords in there (some in the right order too), and seem to do reasonably well at calculating percentages, and you were able to make a nice sequentially numbered list and even do bold headers, I have the perfect career for you: Marketing.
Hint: Don't worry if you get some facts wrong in that big Powerpoint presentation to the customer. When they call and say they don't want your product afterall, you can always say, "Well what better place than the meeting room to address these points," at which point someone with a brain gets called into another stupid meeting to undo all your "talking-points."
You might argue that we can still use VPNs. That's true, but is it easier to tap few VPN tunnels and having the rest of traffic to intercept, mail filtering,
Not to forget that the US gov. still restrict exporting strong encryption to certain countries!
They will find a way/regulation/pressure to halt any large scale project to implement it.
"Evil thrives when good men do nothing"
Give the address a name and provide the name to your friends who run mail servers so that they can add it to the end of their MX list.
ok, now show me a open SOCKS proxy server for IPv6 ?
#include "coucou.h"
Tunneling is only a way to transport packets between two IPv6 endpoints over an IPv4 network.
With tunneling you still need IPv6 support at both ends of the connection.
With a gateway/proxy you don't.
Google being the technical geeky company it is should go IPv6. It wouldn't be hard for them, and it would signal the start of the main stream sites adopting it. I've used IPv6 for a couple of years now. I always compile in support for it, and always add dual DNS records for all my servers. Grab a tunnel from a tunnel broker, and you're playing on the IPv6 net. Which is nice and friendly at the moment - much like IPv4 was 25-30 years ago, I would imagine.
Get your own free personal location tracker
Maybe they will dump fixed 128-bit addresses, and make them variable length instead, so that new addresses may be allocated where they are needed...
This is really a terrific idea... Picture higher-level routers that only recognize the first IPv4 part of the address and pass packets on to the leaf routers. Such a protocol would require only minimal and thus cheap upgrade of firmware for most hardware on the Internet, not to mention that their 32-bit CPU's would still perfectly do the job.
And so the whole address space would become a tree, just like the domain name system.
(After all, for simplicity of the user-end routing devices, each node's MAC address can be appended to the 4-byte IP address, for example, which will turn IPv4 into the forgotten IPX... The first 2-3 bytes of the MAC address can be changed in each node to reflect the local tree structure in your LAN/WAN. Something like NAT, but with a bit more complicated IPX-like structure in your private network... TCPX?)
As for other "benefits" of IPv6... Autoconfiguration is dangerous since it can be spoofed in large and weakly controlled LAN's. I never really trust DHCP, UPnP and other "smart" guys and try to avoid them whenever possible.
Everywhere in the world, except the USA, has run out of IP addresses
With my cable ISP (in Switzerland) a standard package costs more than twice as much with a static IP address as without one. If it weren't for companies like DynDns.org, I wouldn't be able to host web sites at all.
(Not a plug for Dyndns, there are others equally good that do the same thing, I just happen to use them).
You mean the USA will not use IPv6 (because it has got 70% of the IPv4 address space, more than enough for the foreseeable future). Everywhere else has run out of IPv4 addresses, including Europe. They are rationed by price - a standard cable package with a static address costs more than twice as much here as one with a dynamic address.
the world does not need more than the 4 billion addresses available with IPv4,
What you really mean is that the USA doesn't need more than 3 billion IP addresses. You're probably right, but it's irrelevant to most of the world's internet users.
IPv6 addresses are too large
You may have a point, 32 bits was too small but 128 bits is overkill. However, the time to argue this point is long past. The disadvantages of a 128-bit address space vs a 64-bit address space are not as big as you claim (other posts have addressed that). IPv6 is an accepted standard now, it's time to run with it, not try to change it.
Its also about new features in the IPv6 protocol and network design. IPv6 aware apps is also caugth in the moment22. When it finally comes it will be like flushing the toilett. I guess DNF will be IPv6 multiplayer (DNF may though outlast IPv6 in the vapor-race).
Did anyone else wonder, "whatever happened to IPv5?"?
Well, this seems to be the answer...
Cheers & God bless
Sam "SammyTheSnake" Penny
IMHO, the real issue is that most content providers don't want IPv6, and most ISPs don't want it either, for largely the same reason.
IPv6 keeps alive the original spirit of the Internet - end-to-end. The network is dumb, the endpoints are smart. Even if there may be a lot of intelligence built into the network, it's purpose is to look dumb, and simply deliver packets from one end to another.
That's not the way the Internet has been heading. Unfortunately, the Internet is being driven toward a smart-broadcast model, where there are content providers and content consumers. It's two-way to the extent that the consumers can specify what they want from the providers. Business types also like the idea of smarter routing, so "premium" customers can get their packets routed ahead of us rabble. You know, buzzwords like "differentiation" and "value-add pricing" apply here.
It's also worth noting that most people do only two true end-to-end activities, in the original spirit of the Internet - email and filesharing. Now we find email under assault by spam, and we're approaching the point where some people would accept ANYTHING to stop it. I fear that unfortunately, that solution may well be some sort of client-server or content provider based system. As for filesharing, we know what The Powers That Be (??AA) think of that. So from those points of view, true end-to-end *should* be deprecated in favor of client/server.
As for the ISP side, the smart-broadcast model suits them just fine. Smart users who want true end-to-end are just a pain in the neck. Perhaps IPv6 could simplify things for the ISP, but that would be at the end of a long migration process. It would certainly take longer than on quarter, and ISPs couldn't see that far into the future, for the cost savings.
The living have better things to do than to continue hating the dead.
I'll lay a bet that most US corporate websites and heavy usage educational websites (MIT) my be the last to upgrade to IP6. Why? The for the same reason /. isn't fully css. Reason being: it works great now, and it would be alot effort to change things.
Actually, IP6 itself will cause problems with some third party programs. My company uses applications that are licensed by IP4 addresses and limited to certain IP addresses. We wouldn't be able to run them if we switched. It's reasons like that will slow IP6 adoption.
IPv6 makes for nice project work, but I don't believe that it will ever be implemented in any meaningful way, at least for a good long while.
Eggheads play with it, manufacturers move to support it, but nobody uses it. When I say this, I mean, nobody is forced to use it, so nobody will make the change.
If anything should be replaced it's TCP.
C'mon -- you know you want to!!!
-- Watch the REAL Jon Katz.
It is hard to imagine that the proposed solution will ever really be needed by anyone.
By the time there are significant enough numbers of IPv6 clients with no connectivity to IPv4 web sites for this to be a potential concern for web site operators, this will have been solved on the IPv6 side of the fence. Otherwise, what value is the IPv6 connectivity? And probably this solution will not be an application-specific gateway such as the one described, but rather a more generalized IPv6 to IPv4 gateway at the edges of the IPv6 islands in the IPv4 sea. Many generalized IPv6-to-IPv4 translation technologies have been proposed and discussed by the ngtrans working group of IETF, such as RFC 3421.
No, it's called a vicious circle. viscious looks a little too much like viscous; Viscous circle sounds dirty but it might just mean a torque converter, I guess.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It is hard to imagine that the proposed solution will ever really be needed by anyone. By the time there are significant enough numbers of IPv6 clients with no connectivity to IPv4 web sites for this to be a potential concern for web site operators, this will have been solved on the IPv6 side of the fence. Otherwise, what value is the IPv6 connectivity? And probably this solution will not involve application-specific or protocol-specific gateways such as the one described (even for an important protocol like HTTP), but rather a more generalized IPv6 to IPv4 translator handling traffic leaving the IPv6 island for the IPv4 sea. . Many generalized IPv6-to-IPv4 translation technologies, such as RFC 3421, have been proposed and discussed by the ngtrans working group of IETF, and some kind of technology like this will be deployed long before anyone really needs a solution like the one proposed.
thanks!
an offtopic q... how could i have sent
this thanks more privately? the closest
option i saw slashdot offering was to
mod you as a friend, is there no pm when
a
I would really like to switch to IPv6, but don't I have to wait for hardware support? Can I use IPv6 on my wireless network using D-Link bridges? I run a small WISP and asked about IPv6 before. I did not get any answers on how to run it on my current configuration. I do think that it would help a lot with my routing issues.
The above is not worth reading.
Most of the client software my family uses still doesn't support IPv6, so despite the fact that I have my network set up to route IPv6 through 6to4 it rarely gets any use. There's not much point in ISPs supporting IPv6 until a majority of client applications support it too. Just about the only thing I've ever used IPv6 for was pinging a couple of servers to see if it was working and spending a short while as an IPv6 client on an IRC network, but even then I couldn't use my client of choice so I just went back to IPv4 after a week.
128 bits for IPv6 addresses are divided into a 64 bit "network id" and a 64 bit "host id". The 64 bit network id isn't overkill. You could argue that, given allocation realities, and the need for several levels of aggregation, that it isn't enough.
But 64 bits for the host id does seem excessive. Most of the time, it is onlynecessary to provide enough bits to uniquely identify a host within its network. 64 bits is considerably more than is required for this, and is enough to give every host a globally unique identifier independent of the network ids. In fact, most hosts will have a host id that is based on their unique MAC address, and even this would have required only 48 bits. The long host ids were done to permit autoconfiguration. But they raise privacy issues, and it doesn't seem logical to me that every one of trillions of network packets needs to carry a globally unique host id for the sake of an autoconfiguration event that happens only when the host joins the network.
Yeah, you do that.
Most sysadmins have other things to do that work on promoting a protocol for no special reason.
there are dozens just in my area competing to provide Internet service over DSL.
They can't if the phone company drags its feet on putting DSL in an area, and the cable company is unwilling to offer a /64 worth of IPv6 space to residential customers or open its last mile to competitors. Are they supposed to make their own fixed wireless network? How would they afford the FCC licenses for such an app?
Evidence to support this claim? Most consumer broadband embedded routers do firewalling as well as NAT.
Did you read any of the other messages in this thread? I have already explained it quite clearly: NAT does NOT filter anything. The standards don't specifcy that it does and I don't know of any implementation that does. I have given examples of how to go straight through a router that is only doing NAT and not filtering. Port forwarding has nothing to do with it because outsiders can esablish routes to your internal network which does not depend on NAT or port forwarding or anything. Again, read the other messages in this thread, I explained it several times as did several other people.
Firewalls already are very important. Practicaly everyone is using them already.