Slashdot Mirror
Accelerating IPv6 Adoption With Proxy Servers
jgarzik writes "IPv6 presents a catch-22: the most popular web sites on the Internet
don't have any incentive to switch to IPv6 until a large portion
of their userbase is on IPv6, and their user base does not have a
large incentive to switch to IPv6 until many of the popular Internet
destinations support IPv6. My proposed solution is simple: Configure a proxy server that
serves IPv6 requests, passing those requests through
to underlying IPv4-only servers that not have yet been transitioned
to IPv6.
This article describes how to configure Apache's proxy server to fill this role, and suggests a few ideas for use."
Is it just me? I can't see any AAAA records for ipv6.org itself. I would have thought they would be the FIRST to change.
Karma: It's all a bunch of tree-huggin' hippy crap!
It seems to me that it would be really useful if the little off the shelf linksys/dlink/netgear/etc. routers did ipv6. I don't see it really being used until hardware starts using it.
On top of that it's my understanding that NAT should go away with ipv6. What is everyone with an internal network to do for IPs then? I've heard you can get free ipv6 blocks right now but they can be revoked once everything goes "live" but I don't want to deal with that.
Ultimately I guess I really want NAT ipv4 for inside my network until my hardware can hand out ipv6 addresses that I own forever.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Nice try, but that's not a Catch-22.
A Catch-22 is when the solution creates the problem. From the book (yes, there was a book) if the doctor diagnosed you as crazy, you didn't have to fly any more bombing missions. The catch was that you would have to be diagnosed crazy by a doctor to want to fly more bombing missions. Thus, by achieving the status of "unfit to fly", you were actually certifying yourself to fly.
What we have here with IPv6 is two parties with no immediate reward for an investment. If one of them stepped forward, the other would step forward, and the world would enjoy IPv6. There is nothing about this that is remotely close to a Catch-22.
That killer app may be VoIP. If everyone wants their own IPv6 phone number.
Or that killer app may be someone coming up with an awesome spam/virus/security solution that requires features found in IPv6.
But just wanting people to switch for no good reason will never work. Market forces...
Ironically, the word ironically is often used incorrectly.
And get me some IPv6 addresses? Which, if any, ISPs/hosting companies support IPv6? Who do I talk to to reserve me a chunk of space so when my bacasswords ISP gets in line, I can get me some public IPs for my boxen at home?
There are just a few other reasons to switch to IPv6...
0 0/presentations/YanickPouffary/sld025.htm
http://www.ipv6forum.org/navbar/events/birmingham
Also, from another site:
*
A powerful addressing scheme that makes possible the allocation of public addresses to every device inside home networks
*
A protocol specification more powerful thanks to the extension headers
*
Restore the end-to-end of the Internet and facilitate the peer-to-peer communications
*
Simple: Plug and Play (thanks to stateless autoconfiguration)
*
A larger range of services to propose to customers
*
Security is natively defined in the protocol
*
IP mobility optimized
*
Multicast mode easier to deploy
*
(For the ISP, routing process more efficient)
This may be a bit OT, but I'm reading many people talking about NAT like it's some horrible thing.
As a longtime NAT user I like the fact that just one of my computers is hooked to the real internet and the others can't be diddled by outside computers.
Even if I had unlimited IPs, I'd still probably do it this way.
vk.
Most people know that IPv6 delivers a bigger address space, and IPSec security. But what ever happened to its multicast tech? Is anyone sending a single multimedia stream over IPv6 to multiple recipients, without having a separately addressed packet stream like in IPv4? That feature would be the most timely, arriving just as large audiences are developing for online streaming multimedia content.
--
make install -not war
People will use IPv6 when they need it; when every device you have needs it's own internet connection, and routing/NAT will no longer do- providers will switch to IPv6, it'll happen basically overnight, though the use of a consortium.
And even then most people will just take there shiny IPv6 address, NAT it and use IPv4 internally.
-Millions of Monkeys, Millions of typewriters, 6 hours of sorting through faeces encrusted pages to find: This post
A purpose for NAT is the closed-by-default firewall that its common implementations provide as a useful side effect.
See comment here. NAT has nothing to do with people running thier box with admin access rights. It has nothing to do with people who blindly open attachments, or do not use a good firewall, or do not use an AV program. NAT is a flase sense of security.
Seriously, what problem is this solution solving?
:)
I run ipv6 here at my site, every PC ont the LAN is using it.
Inside the LAN its almost totaly native IPv6. Only the printers are IPv4 only. When surfing the web, the users browser does a AAAA DNS lookup, if it succeeds, then it does a native IPv6 connection. If you try to connect to IPv4 only site (very common), then the PC initiates an IPv4 connection. Our Internet router provides the IPv6 tunnel and does NAT'ing for IPv4. Its all totaly transparent, requiring no end-user setup or mucking around with.
I regularily use IPv6 websites, and I don't notice that they are IPv6 unless a) the website notifies me I'm connecting over IPv6 (eg http://www.ipv6.org/) or b) i look at the traffic going through.
The only thing I could do to "improve" the situation here would be to have my ISP IPv6 aware, so I didn't need to use a tunnel broker.
The way that would work would be the ISP would issue a single IPv4 address and a IPv6 prefix on connect. Then the would would be a great place
All my applications I write are IPv6 aware, infact they are primarily IPv6 applications with fallback to IPv4.
Most applications you use today are IPv6 aware. The next step for IPv6 is hosting companies and ISPs proving IPv6 natively. This will happen once the backbone routers are fully IPv6 aware.
Nick
I use to have a funny sig, but slash cut it off, and I forgot what the punchline was.
At the current rate of non-progress, IPv6 will never reach critical mass. IPv6 needs a jumpstart.
IPv6 is getting its jumpstart. From the upcoming mobile IP vendors. They want IPv6 for tracking their phones/modems (for which they can't buy enough IPv4 address space to be confident of not hitting a wall). So they have made it a checkbox on equipment acquisition (i.e. you don't sell 'em a router unless it has IPv6 - period).
Since they're talking equipment purchase totaling into the billions this is NOT something the equipment vendors are ignoring.
Once there's a bunch of endpoints out there that can only be reached by IPv6 (or NAT/tunnel servers bridging to it) there will be a lot of pressure to migrate the rest of the net.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Subject line says it all.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Either he didn't read the article or he has NO idea what a reverse proxy server is.
The reason that people implement reverse proxy servers it to protect the systems "behind" them, you want EVERYONE to use your proxy server because it appears to be the "real" system as far as "internet users" are concerned.
I have implemeted reverse apache proxy servers to protect insecure IIS systems from many kinds of attacks.
Looks like most of these posts are gonna explain why a proxy server is a bad idea, bla bla bla because everyone will use it, well GOOD YOU WANT THEM TO USE it so they can get to your system.
-=Linsys=-
http://www.intrusionsec.com
I would guess that the killer app for IPv6 would be instant messaging. A lot of people use it, and a lot of them use it to send files. Configuring a client to be able to receive files from behind a NAT can be a pain (how many home users know enough to set up port forwarding?). The same is true, although to a lesser extent, of peer to peer file trading clients (which are certainly popular amongst the less technically competent). Anything that requires the user to be able to accept incoming connections is trivial with IPv6, and complicated with IPv4+NAT (even with UPnP, which is by no means universal).
I am TheRaven on Soylent News
Maybe they will dump fixed 128-bit addresses, and make them variable length instead, so that new addresses may be allocated where they are needed...
This is really a terrific idea... Picture higher-level routers that only recognize the first IPv4 part of the address and pass packets on to the leaf routers. Such a protocol would require only minimal and thus cheap upgrade of firmware for most hardware on the Internet, not to mention that their 32-bit CPU's would still perfectly do the job.
And so the whole address space would become a tree, just like the domain name system.
(After all, for simplicity of the user-end routing devices, each node's MAC address can be appended to the 4-byte IP address, for example, which will turn IPv4 into the forgotten IPX... The first 2-3 bytes of the MAC address can be changed in each node to reflect the local tree structure in your LAN/WAN. Something like NAT, but with a bit more complicated IPX-like structure in your private network... TCPX?)
As for other "benefits" of IPv6... Autoconfiguration is dangerous since it can be spoofed in large and weakly controlled LAN's. I never really trust DHCP, UPnP and other "smart" guys and try to avoid them whenever possible.
Bulllarky about the major telecoms.. I work for a major hardware supplier (we make the MSM's that go into most CDMA cellphones), and I am specifically working on implementing IPv6 in our software. It is the major telecoms that are pushing us to do it, not the other way around. (One starts with a V... the other starts with an S..)
They want to start rolling out services that will require full time IP connectivity to EVERY phone. If you start doing the math thats a major chunk of the IPv4 address space. Their only option is IPv6. IMO the major telecoms are going to be the FIRST folks to adopt this wholesale...