The Next Net

Qa32 wrote to give a heads up on a BBC article discussing the IETF's plans for the future, including information on VoIP, IPv6, and security concerns. From the article: "Given the net was designed for the whole community, it has done well to reach millions. If you want to reach the whole population, you have to make sure it can scale up."

Mass media distribution

[thundercatslair]

IPv6 is nothing, it was just created because we are running out of IP addresses quickly. The future as I see it is mass distribution of media. Instead of running out and buying movies you could download the whole dvd and watch that.

Re:Mass media distribution

[killawatt5k]

Too late... *downloading a dvd as I type* Me too.

Re:Mass media distribution

[mboverload]

First we need download speeds that are even close to our Asian neighbors.

It is pathetic that even poor people in South Korea have lines for 20 bucks a month at 25 mbps. America the leader in tech? I beg to differ.

Re:Mass media distribution

[arturov]

South Korea is also just a *teensy* bit smaller than the US. The infrastructure costs required to wire all the areas in the US with 25 Mbps speeds would be enormous. Also, just how many people can afford 20USD/month in South Korea? Does this include "the poor people"? Quit trying to compare two vastly different situations just to bash the US.

Re:Mass media distribution

[Chris+Kamel]

Your neighbours here in Egypt pay 150EGP a month (in salary terms it's equivalent to like $300, in exchange rates equivalent to $25) for 256KBit/64Kbit aDSL line...

Re:Mass media distribution

[Doc+Ruby]

These comparisons are normalized to scale. Why doesn't *anywhere* in the US, like a Korea-sized area around NYC encompassing 50M people, get 25bps for $20? Where lots more people have $20:mo? Could it be that the situations are vastly different in the agressiveness with which the respective telcos are pursuing innovation? Or are you saying that Koreans are somehow innately more bandwidth-hungry than Americans?

Re:Mass media distribution

[cartzworth]

Verizon just laid fiber in my neighborhood (suburban Pennsylvania) and are rolling out 15mbps for $40/month. Not bad.

Re:Mass media distribution

[Freexe]

Me three!

Re:Mass media distribution

[pmjordan]

Korea is a lot more densely populated than the USA, or most of the western world, as far as I know. It makes a big difference on returns if the infrastructure you're laying down is reaching 10 times as many people per unit length.

That doesn't explain the excellent, although probably not quite as good, internet connectivity in Sweden and the Netherlands.

~phil

Re:Mass media distribution

[LighthouseJ]

Only on Slashdot can you make some wild accusation like the US is the leader in technology (who says we are?) and then correct your own made up shit and be moderated as funny all the way up to 5.

As far as this population density stuff goes, few people mention the cost of living differences between South Korea and the United States. Sure, $20USD (15.4EUR)sounds miniscule to us (any first-world country really), but that could be a big percentage of a South Koreans households' take-home pay. The telecom companies that serve broadband connections have to charge the amount of money they think their customers will pay while maximizing their profits (basic economics). You simply can't charge a South Korean family the same you'd charge an American family.

Re:Mass media distribution

[arturov]

A step in the right direction, but the speed is still quite low compared to other more developed countries.

Only if you gauge a country's level of development by starcraft player density.

Re:Mass media distribution

[Doc+Ruby]

I get 6Mbps residential RoadRunner for $50:mo in NYC, which used to cost $25K over fractional T3 only to businesses, so I'm kinda happy. By the time they deliver 25Mpbs for $20:mo, Koreans will have 155Mbps.

Re:Mass media distribution

[Hogwash+McFly]

Quit trying to compare two vastly different situations just to bash the US

You know, not every negative observation about the United States is an attempt to jump on the 'US Bashing' bandwagon.

Re:Mass media distribution

[Doc+Ruby]

We've subsidized the telcos and the broadband buildout in the US every way possible. We should demand the return on our investment. Instead we're resigned to feeding our monopolies and losing our leadership.

Re:Mass media distribution

[Doc+Ruby]

What about the Korea-sized swath from DC, through Philly and NYC, to Boston? It's pretty densely populated with rich media consumers. Why not just in NYC, where only 10% of the fiber is even lit, and we're among the richest, hungriest media consumers on the planet? Could it be that broadband providers are limited by their bizmodel, defined by the regulations they lobby incessantly to retain? That their lazy management is more interested in the low-hanging fruit of overcharging for pay-per-view of the movies they own, rather than opening up the infrastructure to competition from every shop with real broadband, or P2P?

Re:Mass media distribution

[Yokaze]

25bps for $20? Poor lads. I hope, it is more along the line of 25Mbps. :)

I think it is because the telco-market in the US has been fairly agressive, which didn't leave much room for investments in the future.

The bandwidth we enjoy outside of the U.S is usually the result of previous "investments" in state monopolies. The investment resulted in having a good infrastructure. Overspec'ed, just to telephone with.

Today, years after liberalising the telco-market, the companies can use this infrastructure in place and people don't have to pay as much, since the costs have been already payed. The competition drives the costs even further down.

Re:Mass media distribution

[plague3106]

It also breaks down when you're talking about places like NYC...where you SHOULD be ablet o find cheap 50mpb access.

Re:Mass media distribution

[irix]

For DSL, getting this kind of speed is predicated on local loop length. Some major North American providers are now putting in FTTN (or even FTTP) which will make local loop lengths short enough for VDSL, which will get you your 25 Mbps, or even higher. This builds out the infrastructure needed for triple play (data + video + voice).

This hasn't been done previously in North America because getting that much fiber laid wasn't economically feasible here. That is starting to change. It doesn't have anything to do with technology leadership - the technology has been around for a long time, it has just been a cost issue.

Re:Mass media distribution

[Doc+Ruby]

What US competition? The telcos spent their money acquiring each other, and building extra infrastructure they don't want to sell, because it would create competition for their pay-per-view and telephony businesses. "Aggressive", sure, but not for innovation.

Re:Mass media distribution

[sonoluminescence]

South Koreans are not all that poor.

Every post seems to be suggesting that south korean is some third world country, with the economic strength of Uganda when the reality is that their GDP per capita is roughly equivalent to that of lesser EU nations.

Re:Mass media distribution

[LighthouseJ]

Checking out this article, it says the South Korean government instituted an aggressive policy to bring broadband to more areas. The United States doesn't have this, the United States broadband speed runs at the telecom companies willingness to increase speed. If they can extract X dollars for Y Mbps speed and make a nice profit, why spend a ton of money to extract 2X dollars for 5Y Mbps speed (meanwhile your profit margin shrinks) for customers without your government giving you money and saying "do it now". Just get the US Federal Government to pull money from defense spending and pour it into public works like broadband. If the government helps to pay for the cost to do the massive overhaul, that will lower the average customers bill because the money would come out of your taxes and not your monthly bill. I personally don't care, my 4Mbps is just fine for my uses. There's more problems in the world today than if my broadband speed is 4Mbps or 25Mbps.

Re:Mass media distribution

[x2A]

I'm happy with my 640k.

You should be, 640k should be enough for anyone.

Re:Mass media distribution

[AmberBlackCat]

It is pathetic that even poor people in South Korea have lines for 20 bucks a month at 25 mbps.

It's pathetic how badly that statement was worded. It seems to attack the poor people in Korea rather than the rich people in America, where the problem lies.

Re:Mass media distribution

[khallow]

As one of the many consumer sheep of the US, I offer my humblest apologies for holding back 25 mbps service. I hope someday, you can forgive me.

Re:Mass media distribution

[coopseruantalon]

Only Old Korean people have Broadband connections. Also in North Korea the Media distributes you!

Re:Mass media distribution

[emil.ede]

It is pathetic that even poor people in South Korea have lines for 20 bucks a month at 25 mbps.

No, it's great that poor people in south korea have cheap connections you egocentric ass.

But yes it sucks for americans to have a bad infrastructure. Maybe if you payed a little more in taxes so the state could build it, like we do in sweden. But I guess I shouldn't go there. Yucky socialism and all ;)

Re:Mass media distribution

[NanoGator]

"First we need download speeds that are even close to our Asian neighbors."

Uh, right. We don't need 25 megabit connections for movies. 150KB/s is enough for streaming a dvd quality video (MPEG4 compressed). I regularly get 400KB/s thanks to my handy-dandy cable modem. Heck, a few years ago I was subscribed to an on-demand service that worked pretty well. Pity it went bye bye. :(

Re:Mass media distribution

[ampmouse]

Go ahead, call a telco and tell them you want 25 Mbps to an American residence. I dare you.

I think they would be very happy to give you 25 Mbps to your house! You just have to be willing to pay them $10,000 a month! (Hint: It's called a fractional T3.)

Re:Mass media distribution

[arron_nz]

I guess in North Korea, only old people have 25mbps connections.

Re:Mass media distribution

[trafficEng]

when you talk about ipv6 please go a bit deeper than just the big address space, think in: - security standard for IP, just think how good it would be if DNS was authenticated... - better routing using hierarchical network addresses and flow tagging (for your dear mass media distribution) - mobility support not to mention support to bring next gen cellular networks to IP - autoconfiguration of network interfaces with addresses, gateways, etc much better than current DHCP or even better with DHCPv6 - anycast - having only one address for all the world's DNS servers - and for those who think nobody needs so many addresses just think in tiny sensor networks and NAT is just what is holding back the media on the net, for every new protocol you need (RSVP, SIP) you need to figure out a cumbersome way of getting through the stupid NAT devices. NAT is no security, if you need to let something in (even through port 80) you will be exposed to trouble anyway. i guess someone was talking about badly designed protocols - RSVP and SIP - what's the concept of well designed protocols - hammer your way through port 80 so that you can get through NAT?

Re:Mass media distribution

[jonadab]

> Every post seems to be suggesting that south korea is some third world country

It was a third-world country when most of us were in school. South Korea has
really only crossed the line into being a first-world country within the last
couple of decades. Have patience; the world will catch on in time. Everyone
knows Japan is a first-world country, but they've been one for a bit longer.

Also, per-capita GDP is not the main way to determine first-world status.
Any statistic measured per-capita can be fooled by a high standard deviation.
You really want to look for certain indicating factors:
* The literacy rate (granted, for most countries, including the US, it's
impossible to get a really reliable number here) should be high.
* Better than 99% of the population should have indoor plumbing.
* Better than 99% of the population should have reliable (360+ full 24-hour
days per year) electrical power.
* There should not be any subsistence agriculture in the country at all.
South Korea has only even *started* to meet these criteria quite recently,
by historical (as opposed to internet) standards for what is "recent".

Interesting quote

[Anonymous+Brave+Guy]

From part-way down TFA:

"The top priority is to ensure that the standards that make the net work, are open and free for anyone to use and work with."

Interesting for many here that the new guy at the head of the IETF seems to give this issue such emphasis.

Re:Interesting quote

Interesting for many here that the new guy at the head of the IETF seems to give this issue such emphasis.

Why? I'd say that it's quite logical -- if you want to ensure flawless communication, then free (so that everyone can use them) and open (so that everyone can understand them) standards are obviously better than a bunch of closed ones that may not be interoperable.

Re:Interesting quote

"Interesting for many here that the new guy at the head of the IETF seems to give this issue such emphasis."

You mean just like the standards that make the existing net work?

Actually, my biggest fear is VoIP - not directly, but the flak it will take from the telcos. I think we'll see some serious posturing from them as VoIP as a core feature on a internet upgrade would destroy their revenue model, not partly, but totally. They won't own the network, and they don't make the phones, they'll become a redundant middleman...

Re:Interesting quote

[Peaked]

We can only hope that VoIP destroys their revenue model. The big telcos in the U.S. are all too content to sit back and rest on what they have rather than moving forward. I agree that we're likely to see even more lobbying by the telcos for protectionist legislation.

Re:Interesting quote

[Mancat]

Well then, they'd better get Macromedia to make Flash completely open. Flash is pretty much a web standard now. It needs to be an open standard, with an open-source client.

Re:Interesting quote

[ampmouse]

It needs to be an open standard, with an open-source client.

It might not be an open standard, but Flash does have a Open Source Client.

Re:Interesting quote

[amRadioHed]

"Interesting for many here that the new guy at the head of the IETF seems to give this issue such emphasis."

You mean just like the standards that make the existing net work?

Of course we all know that the current standards the net uses are open and documented in various RFC's, but you can bet that companies like MS would love to see this change. That's why this comment is interesting. It good to see that the head of the IETF doesn't plan on caving in to the interests of BigCorp as groups like Congress tend to do.

Just make sure...

[advocate_one]

you keep patents out of the standards... Microsoft have been trying to stick one in for the basic premises of IPv6... and surprise, surprise... they were also involved in the standards committee...

Those familiar with the meetings of the IETF as the committee hammered out the IPv6 IP address discovery system told eWEEK.com that Microsoft was actively participating in those discussions back in late 1997 and early 1998. Microsoft left the meetings and filed a patent for work on which there already existed numerous RFCs (requests for consensus)--basically the legislation that runs the Internet.

Re:Just make sure...

[drinkypoo]

It is stupid, but it's also accepted use in the UK. It is basically wrongheaded since corporations are by [legal] definition a singular entity.

Re:Just make sure...

[andreyw]

RFC stands for "Requests for Comments," btw.

Re:Just make sure...

[David+Off]

> "Microsoft" is a singular noun.

I thought they were the borg collective.

Re:Just make sure...

[whathappenedtomonday]

I thought they were the borg collective.

you are a(nother) victim of subliminal manipulation through /. section icons. I wonder what that hideously green worm will turn us into...

We need help from big players

[michelcultivo]

This history of IPv6 will never be introduced on our planet when the big players (ISP, Datacenters) and universities start using our their network. Someday I asked my Internet provider when will they start using IPv6 on dial-up networks, imagine what response did I got? "IPv6??? What is it"

Re:We need help from big players

[Jellybob]

Get a real ISP then, my ISP (Andrews & Arnold) assigned a v6 block to me, and have been doing so for at least a year.

Dosen't the internet scale?

[blanks]

"If you want to reach the whole population, you have to make sure it can scale up."

I thought with the current schema the internet uses it was allways setup to scale and allow for redundency, where one section can do down and a new one can take place. Or new networks could easily be added, and expanded off of.

Even new technologys like P2P and torrent etc were able to come out, still functioning correctly with the internet with no changes.

Maybe they mean the ability for the technology to scale up, meaning situations like the IPv6 would not be such a consern. But then again IPv6 is a huge change to the entire structure of how the internet functions.

Re:Dosen't the internet scale?

[mboverload]

The internet is not as robust as you think. Have a few DNS servers go down (as we saw some months ago) and the whole web is fucked.

Re:Dosen't the internet scale?

from my understanding, IPv6 isn't THAT dramatic of a change from IPv4. It's all in the addressing. Your NIC doesn't really CARE what address it has. For that matter a router shouldn't care what is really going on with the addresses other than "This packet goes here and that packet goes there". IPv6 makes that a little different but not totaly alien.

There will still be subnet masks and that will still be what a router uses to move packets from one network to another. Once a packet is on the "correct" network its all about the MAC address from that point on.

This whole bit about scaling up is addressing. What you really need to worry about is some sort of DRM trickery but this guys sounds on the level.

Re:Dosen't the internet scale?

No it's not.

The DNS system is fucked. If you know the IP of the web sites you want to visit, you can still access them.

Re:Dosen't the internet scale?

[Bishop]

There are some issues that are making it hard for the Internet to scale up. For a few years now there have been issues with the size of the routing tables on the major routers. It is nice to think that this is just a hardware issue and new routers would solve the problem. But that would be ignoreing the economics of the situation.

Re:Dosen't the internet scale?

[secolactico]

Have a few DNS servers go down (as we saw some months ago)

Whoa, did I miss something? What happened some months ago with the DNS?

Anyway, root servers are all over the world as far as I know, so there's plenty of redundancy there. Even TLD and cTLD have replicas all over the place.

And even if the whole DNS structure came down, "the internet" would be still up. Only the name resolution service would be down.

You would need a full scale DOS and take down most of the tier 1 providers (not unthinkable with all the zombies out there) or take advantage of router/switches vulnerabilities (some ISPs rely *far* too much on Cisco. Homogeinity breeds weakness).

Or you could poison the BGP routing table, but most ISPs filter those, anyway.

The next IP protocol needs to make harder IP spoofing. I think I read somewhere that IPv6 supported IP authentication or somesuch.

Re:Dosen't the internet scale?

[whathappenedtomonday]

If you know the IP of the web sites you want to visit, you can still access them.

now I finally have a use for the mountains of dns cache printouts that I keep in the basement! lucky me...so please everyone go DoS DNS. I don't care, because I have a workaround!

Next net, but for whom?

[E+IS+mC(Square)]

"In a sense, we have hardly started in reaching the whole population," the new chair of the Internet Engineering Task Force (IETF), Brian Carpenter, says.

And I thought it was about developing something which will help for the "rest of the world" to connect to the net, so that we (?) can reach to the whole popluation.

But nope... it was about "
With broadband take-up growing, services like voice and TV will open up interesting challenges for the net."

Strike three for those poor sods.

Re:Next net, but for whom?

[drinkypoo]

IPv6 is better over slow connections, too. Many classic applications have already been made to support IPv6. You know, including (dun dun dun) web browsers. Hell, games that use directplay will even work over it. Supposedly :)

An observation on IPv6

[wowbagger]

Here's a little observation about IPv6 - very few major web sites have an IPv6 address.

Try it yourselve with dig or nslookup - try looking up AAAA records for any of the sites you visit, and see how many would be accessible via IPv6.

For example, try

dig slashdot.org aaaa

Re:An observation on IPv6

[jrcamp]

Please read about Transition Mechanisms for IPv6.

This is not an all or nothing thing. We do not have to turn out the lights on IPv4 before we can start utilizing IPv6.

Re:An observation on IPv6

[WeblionX]

I'm using Windows you insensitive clod!

Re:An observation on IPv6

[WeblionX]

Er, dang. Actually, I just got nslookup to work. Your tag fooled me into doing dig.

Re:An observation on IPv6

[wowbagger]

True, IPv4 addresses are a subset of the IPv6 address space.

However, if the site in question does not support IPv6 packet formats, then an IPv6-only host would not be able to contact the site, as the site would not be able to form the IPv6 packets back to the requesting host.

So either the requesting host would have to have an IPv4 address available to it (either directly or via NAT), or the requesting host would be unable to access the site.

And the simplest way a web site can advertise its ability to support IPv6 is to have a AAAA record in DNS.

Re:An observation on IPv6

[iabervon]

Very few major web sites have AAAA records. But a regular A record gives you an IPv6 address, because the IPv4 address space is included in the IPv6 address space. Chances are that current sites won't generally move to IPv6-only addresses for a long time, just because there's little reason to discard an IPv4 address you already have, or to get a second IPv6 address in addition to the automatic equivalent. Slashdot, for example, has the IPv6 address ::66.35.250.150, aka ::4223:FA96, and will probably keep using it even when all of the machines on its local network are using IPv6.

Re:An observation on IPv6

It's expected that transition stages (different people will pass through these at different rates according to their needs & budgets) will include

1. Most systems having IPv4 only, IPv4 is used for all internal & external services

2. Systems have IPv4 and IPv6, but IPv4 is used for internal services, some IPv6 external services are used without specific engineering (this is what you get if you set up a modern OS X, Linux or beta Windows these days by default)

3. Internal services become available on IPv6 (often a single config line or radio button)

4. Most systems have IPv4 + IPv6, a few are IPv6 only due to address constraints etc. Internal services are mostly used from IPv6. External services are a mixture, with some essential services translated (e.g. by a web proxy) for IPv6-only machines

5. Most systems have IPv6 only, internal services are IPv6 only, some external services remain IPv4, translated either locally or remotely.

The last few phases resemble what happened with green screen terminals. A lot of people thought these terminals couldn't be removed from desks for a century or so, but in fact they were replaced firstly by emulators running on PCs, and then by a web frontend running on a remote server. The software at the backend may still believe in VT100s for as long as it likes.

--

IPv6 wipes out unsolicited IP traffic. With subnets containing 2 ** 64 instead of 2 ** 8 or less hosts, the chance of a randomly generated IPv6 address being "live" is virtually nill. Therefore worms and other malware that "scan" addresses at random will die out on the IPv6 Internet. That's just one of many hidden advantages to upgrading.

Re:An observation on IPv6

[LordHunter317]

Except you're wrong about the address.
It's ::ffff:66.35.250.150

Re:IPv6 Not Enough?

[Anonymous+Brave+Guy]

I've read that people plan on embedding ips on everything from lights and toasters to make them work in concert so if every device were to need an ip address I don't think that IPv6 would hold up.

I can't remember which is greater, the number of available IPv6 addresses or the estimated total number of atoms in the universe, but either way you can rest assured that there will be more than enough IPv6 addresses to handle any foreseeable addressing needs we're going to have any time soon, even if everyone winds up with dozens of personal IP-assigned devices.

Wow! think of all them IP addresses.

[pg110404]

I believe IPv6 has something like 50 addresses for every square foot of land on the earth.

That's amazing. Soon we'll be able to wire up our entire house and everything from the fridge to the alarmclock would be accessible from the internet.

I only hope if it gets to that, nobody can hack into my microwave when I'm cooking my dinner, or someone hacking into my alarm clock and messes with the settings.

If microsoft does good on their desire to control it all, they'd better finally have some reasonable measure of security. I wouldn't want to wake up to find out some low life got to my hot water heater and turned it off because of a buffer overflow vulnerability.

Re:Wow! think of all them IP addresses.

[tquinlan]

They have this other thing called "NAT" (Network Address Translation). You could use it to assign every device in your house a 10.0.0.0/8 (I think that's the CIDR) address, and still only present one IP to the public internet. It's what's making IPv6 so slowly adopted - it's unlikely that you'll have more than 16,000,000 devices in your house.

Re:Wow! think of all them IP addresses.

[simonwalton]

...or that some asshat exploits a security hole in your wifi-enabled belt buckle and your pants fall down while you're in town shopping for an internet-enabled screwdriver that has a camera and mp5 player built into it. Man, I'm so ahead of my time.

Re:Wow! think of all them IP addresses.

In reference to the parent, there's a few more than 50 IPv6 addresses per square foot. More like 655,570,793,348,866,943,898,599 addresses per square meter. And, that's a bunch, people. That's like...bigger than a hundred!

But, I look forward to IPv6 coming into force because PAT (Port Address Translation, which is what you're referring to) breaks the Internet. Breaks it. I'm forced to funnel all communication from outside in through a single IP address. This has created the need for UPnP and other horrors. With IPv6, you can have as many external real Internet IPv6 addresses as you have internal ones. Then, we can use real NAT with a simple firewall at the edge of our network, and every single machine on your network will have a direct and different IP.

Tired of port translation? Tired of having to jump through hoops? Want that 'Skype-in' to work on multiple internal computers? Start bothering your ISP to begin moving towards IPv6!

Re:Wow! think of all them IP addresses.

[digitalsushi]

from http://engr.smu.edu/~tchen/eets7304_spring05/hw5_s oln.pdf

Problem 8. (IPv6) (a) Given that IPv6 addresses are 128 bits, calculate the total number of possible IPv6 addresses. (b) Calculate the surface area of the earth in square feet. Consider the radius of the earth as 3,963 miles, and one mile is 5280 feet (the surface area is 4ðr2). (c) Calculate the number of IPv6 addresses per square foot of earth surface. (d) Repeat the same calculations for IPv4; how many IPv4 addresses per square foot?(a) 2128= 3.4 x 1038number of IPv6 addresses. (b) The surface area of the earth is 4ðr2where the radius r = 3,963 miles. The surface area turns out to be 1.97 x 108square miles = 5.5 x 10152 square feet. (c) There would be 3.4 x 1038/5.5 x 1015= 6.2 x 1022IPv6 addresses per square foot of earth surface. (d) 232= 4.3 x 109number of IPv4 addresses. Divided by the surface area of the earth, there would be 4.3 x 109/5.5 x 1015= 7.8 x 10-7IPv4 addresses per square foot.3

Re:Wow! think of all them IP addresses.

[pg110404]

They have this other thing called "NAT"

Well, that goes without saying. I'm pretty paranoid about my computer security and I hide behind 2 firewalls. The only way in is through an SSH connection tunnelled through my own homegrown encryption tunnel.

I run linux and have a standard user account, and I'm also pretty wary about what I run on said computer. If I ever did want my appliances on the net (which I don't), then I'd VPN into my home computer running 24/7 and control them from there.

I wanted to point out that not everyone is as paranoid as I am and security is an illusion. As to a NAT, hiding behind it is fine, but what's the point if you can't control it from outside? Some industries might feel compelled to convince us it's ok to do so and this is a don't let your guard down message. In even 10 years, it is entirely conceiveable to have 802.11 and/or ethernet jacks on the latest appliances. I say fine and all, just be careful.

Re:Wow! think of all them IP addresses.

[asdfghjklqwertyuiop]

NAT is no substitute for real address space. The only reason so many people use it today is because real address space is too limited.

Re:Wow! think of all them IP addresses.

[pg110404]

50 addresses for every square foot

I stand corrected. It's been years since I even given IPv6 even a first though, I forgot all about it. The 50 addresses statement would be true if IPv6 had a 6 byte address (48 bits), not the actual 128 bits (ipv4 is coincidentally 4 bytes, ipv6 is version 6, not 6 bytes long, and as I've discovered, the version and bytes in IP addresses are not related).

So doing the math (this time entire earth surface area, not just land mass, as per equator diameter with something more manageable like square millimeters):

IPv6 addresses = 2^128 = 3.4 * 10^38
earth diameter = 12,760 km
radius = 6380km = 6380000000 mm
surface area = 4 * pi * r^2 = 5.1 * 10^20 sqr mm
address density = addresses / sqr mm = 6.7 * 10^ 17

Re:Wow! think of all them IP addresses.

[hazah]

Not only that, but if you had your entire house wired up for internet access, you're still more likely to use *one* internet-to-house access point. Reuse of private network numbers increases potential address space by quite a lot. And it gives you the benefit of controlling your own special numbers of choice.

Re: Wow! think of all them IP addresses.

[gidds]

I believe IPv6 has something like 50 addresses for every square foot of land on the earth.

Actually, I believe the figure's much bigger - something like 6.2 x 10^22. (My own calculation, confirmed by one web page, though others give widely varying results. That's based on a figure of 197 million square miles, incl. sea.)

But that's not the point, because the addresses aren't evenly spread. Once you allocate some of the most significant values to various organisation, protocols, or special values, then you start to lose a good number of those. And if you split the rest hierarchically (by country/region, ISP/organisation, and/or topology), then you'll find large numbers becoming unavailable.

Of course, there's such a big number to start with that that'll still leave plenty for everyone. But the number-per-square-foot value doesn't necessarily tell you very much.

Re:Wow! think of all them IP addresses.

[cgenman]

Yes, but that number goes down substantially for every cubic foot of area that people could build. Or the number of devices that may want multiple IP's. A 50 floor office building would only have 1 per square foot, and that may be divided amongst things which, for sake of electronics efficiency, may all require an IP. IP over power lines may become standard, and everything may want to feed back state and / or tracking information over it.

Let's not forget the ever-present allocation inefficiencies. I wouldn't be surprised if cable modem providers gave each household 100 IP's, and that NAT routers were unheard of.

And in 50 years, who knows... maybe our children on Mars will be cursing our shortsightedness.

I'm not saying that IPv6 isn't a great step forward. I'm just saying that network traffic has a habit of expanding to encompass all available IP's. Wasn't it just 80 years ago that the gas engine was going to be the "clean machine" that gave humanity infinite energy and rescued it from the environmental catastrophy that was horse poo?

Re:Wow! think of all them IP addresses.

[Minna+Kirai]

The only reason so many people use it today is because real address space is too limited.

Sadly, NAT is also heavily used as a security mechanism. Have you ever heard the line "Be certain to boot Windows XP behind NAT until you've at least downloaded service pack 2"?

Re:Wow! think of all them IP addresses.

[asdfghjklqwertyuiop]

Sadly, NAT is also heavily used as a security mechanism. Have you ever heard the line "Be certain to boot Windows XP behind NAT until you've at least downloaded service pack 2"?

And even more sadly for those people, NAT is not a security mechanism at all. It can't be. All NAT can do is change the IP addresses and port numbers on packets moving through it. It doesn't actually make any decisions to drop or accept packets.

NAT is practically always used in conjuction with a firewall in these situations, but this confusion as to what NAT does and the distinction between NAT and filtering is not helping encourage IPv6 any either.

Re:Wow! think of all them IP addresses.

[Minna+Kirai]

It doesn't actually make any decisions to drop or accept packets.

If a totally unexpected packet arrives at a NAT (such as during a portscan attack), there is no reasonable way to guess which of the multiple local machines should recieve it, so (by default) a choice is made to drop it. (Of course, by "choice"- the NAT isn't making a choice then, but rather the choice to drop all unexpected packets was made by the admin who installed a NAT in the first place)

That level of protection is useful for many people.

Re:Wow! think of all them IP addresses.

[asdfghjklqwertyuiop]

If a totally unexpected packet arrives at a NAT (such as during a portscan attack), there is no reasonable way to guess which of the multiple local machines should recieve it, so (by default) a choice is made to drop it.

Not so, since NAT does not drop anything. If a totally unexpected packet arrives, NAT will simply not make any changes to the packet. The packet will continue its way through the router as normal. Unless you have filtering rules (which are a totally different & independent thing) that specify otherwise, that packet will be sent right on through to wherever your routing tables specify.

Re:Wow! think of all them IP addresses.

[Minna+Kirai]

Not so, since NAT does not drop anything. If a totally unexpected packet arrives, NAT will simply not make any changes to the packet.

Fine, semantics. The packet is unmodified, so its address matches to none of the TCP/IP stacks on the LAN, so it gets dropped by every PC. Not rewriting an address is effectively dropping it (unless you somehow had a local machine with an IP identical to that of your NAT box on the Internet)

Re:Wow! think of all them IP addresses.

[asdfghjklqwertyuiop]

Fine, semantics. The packet is unmodified, so its address matches to none of the TCP/IP stacks on the LAN, so it gets dropped by every PC. Not rewriting an address is effectively dropping it (unless you somehow had a local machine with an IP identical to that of your NAT box on the Internet)

You are assuming that every packet that comes down your internet connection will have a destination IP address matching your router's public IP address. That is an unwise assumption to make for at least two reasons:

1. You are effectively placing the security of your LAN into the hands of your ISP.

2. Many broadband connections present subsribers with an ethernet interface, which from their perspective makes all subscribers in the area look like they're on one big ethernet. In this situation other users can simply add a route to your LAN's address via your outside IP address and viola, full access to your LAN.

Re:Wow! think of all them IP addresses.

[pHDNgell]

They have this other thing called "NAT" (Network Address Translation). You could use it to assign every device in your house a 10.0.0.0/8 (I think that's the CIDR) address, and still only present one IP to the public internet. It's what's making IPv6 so slowly adopted - it's unlikely that you'll have more than 16,000,000 devices in your house.

OK, and how do I address them? With one external address that's a maximum of 64k connections I can bring in. And sure, people may not be likely to have quite that many machines, it's certainly not uncommon to have enough services running to make it inconvenient to keep configuration details in sync with your NAT config.

And it's stupid. Back when I was a kid, we had DNS and we used that to let everybody know where our services were. We had firewalls and we used those to let them know what kinds of things weren't allowed to go across our various network connections.

Things are way easier and no less secure without NAT.

(mumbles something about being unable to video chats or remote management on his daughters computer due to her ISP providing it with a NATted address)

Re:Wow! think of all them IP addresses.

[Minna+Kirai]

You are assuming that every packet that comes down your internet connection will have a destination IP address matching

No, I assume that my NAT box will drop any packets whose address don't match it. That is the case with my own NAT, although I suppose others could function promiscuously, although that would be contrary to the definition of NAT. (And it would be quite inefficient, as flooding the ethernet hubs inside NATs with all their neighbors' non-matching packets) If you think that many NATs disobey that definition, then you might submit corrections to pages like this and especially this.

your router's public IP address.

You are assuming I even HAVE a router. Router != NAT... routers expose the addresses of machines behind them, NATs hide these.

1. You are effectively placing the security of your LAN into the hands of your ISP.

1. For most people, who are (as I said) sadly clueless, that security is better than if they were plugging Windows XP directly into the internet.

2. The ISP already has its hands on security for most LANs. As the ISP, they are in a fine position to man-in-the-middle and replace any software you download with trojaned versions. Those security-conscious people who make sure that everything is downloaded encrypted are safe, but they are outside the class of user I was discussing.

In this situation other users can simply add a route to your LAN's address via your outside IP address and viola, full access to your LAN.

Once again, relies on the assumption that a Network Address Translator will pass through untranslated packets.

Re:Wow! think of all them IP addresses.

[asdfghjklqwertyuiop]

No, I assume that my NAT box will drop any packets whose address don't match it. That is the case with my own NAT, although I suppose others could function promiscuously, although that would be contrary to the definition of NAT. [RFC 3022]

As a matter of fact I did look at that RFC, and I do not even see the words 'drop' or 'reject' anywhere in that RFC or any of the RFCs related to NAT for that matter. Not only that, but section 9.0 of RFC 2663 states "NAT routers may be used in conjunction with firewalls to filter unwanted traffic".

If you think that many NATs disobey that definition, then you might submit corrections to pages like this and especially this.

First of all, I don't think NAT does this, I know it does. You can try it yourself. On linux for example, set up a masquerade or SNAT on your outbound interface, enable IP forwarding and do nothing else. Now get on a machine connected to the network on the outside of your 'NAT box', set up a route to the inside network, and watch those packets flow right in. You can follow the exact same proceedure on IOS, checkpoint and I'm sure ipf and ipfw (I've never tried doing exactly this on those, but I dare you to try...).

then you might submit corrections to pages like this and especially this.

Well the first page times out and for the second one they are probably assuming that routes don't exist to the internal prefix(es). But I agree, perhaps someone should submit a clarification along those lines.

(And it would be quite inefficient, as flooding the ethernet hubs inside NATs with all their neighbors' non-matching packets)

Yes, it would kind of suck to have your neighbors sending whatever traffic they wanted into your LAN, wouldn't it? Fortunately, in practice, nobody uses only NAT. Pretty much everyone uses a firewall in conjunction with it to drop the unwanted traffic.

You are assuming I even HAVE a router. Router != NAT... routers expose the addresses of machines behind them, NATs hide these.

You really don't know what you are talking about. It is not possible to perform NAT on something that is not a router. You have a machine connected to multiple networks and it is forwarding the traffic among them - that is the definition of a router. Wether or not that router is translating the packets as it forwards them is irelevant. If it happens to rewrite certain addresses and ports as it forwards that traffic it doesn't cease to be a router.

Enough networking 101 for tonight, gotta wake up ealry tommorow.

Re:Wow! think of all them IP addresses.

[lw54]

IPv6 can provide approximately 3.4 * 10^38 addresses or 340,282,366,920,938,463,374,607,432,768,211,456 addresses to be exact. That's ~5*10^28 for each of us.

I knew all that time studying my CCNP books would pay off!

Re:Wow! think of all them IP addresses.

[iolaus]

Wow, that comment is outrageous and dead wrong. NAT affords many advantages not the least of which is security. If IPv6 became a standard tommorrow and was available to everyone I guarentee you NAT would still be widely used! There is simply no need for every one of the hundreds of computers sitting in my office to its own public IP address... infact, it'd be a huge pain if they did.

Re:Wow! think of all them IP addresses.

[iolaus]

You are a moron and are completely overcomplicating the issue! NAT is rather simple. With properly configured NAT it is impossible to initiate a connection from the outside of the NAT to the inside... PERIOD! Networking 101 my ass, more like you talking out of your ass. Go back to school (or maybe just to school).

Re:Wow! think of all them IP addresses.

[asdfghjklqwertyuiop]

Wow, that comment is outrageous and dead wrong. NAT affords many advantages not the least of which is security.

Talk about outrageous and dead wrong. NAT has absolutely nothing to do with security... been discusseed many times. Read the other responses to this comment.

infact, it'd be a huge pain if they did.

On the contrary IPv6 has features which make renumbering easier if and when you need to do it. Barring the pain of renumbering, using NAT is actually more of a pain than not doing so if you have anything but the simplest of networks.

Re:Wow! think of all them IP addresses.

[asdfghjklqwertyuiop]

You are a moron and are completely overcomplicating the issue! NAT is rather simple.

Well it can't be simpler than a network without NAT.

With properly configured NAT it is impossible to initiate a connection from the outside of the NAT to the inside... PERIOD! Networking 101 my ass, more like you talking out of your ass. Go back to school (or maybe just to school).

You can configure NAT all day long and it still not BLOCK anything, period. NAT doesn't drop anything and cannot be configured to do so. Why don't you actually try it instead of talking out of your ass:

iptables -t filter -F
iptables -t filter -P ACCEPT
iptables -t nat -F
iptables -t nat -I POSTROUTING -o -j MASQUERADE

Go ahead, try that on linux or try the equivalent on any firewall you want. Hook a machine up to the outer interface, set up a route to the inside on that machine and tell me what happens to the packets you send in.

Find me one single NAT implementation which can be configured to drop packets. Show me anything in any RFC that specifies that NAT must drop packets. How can you possibly read through this thread and not get that message by now?

Re:Wow! think of all them IP addresses.

[bcmm]

In many cases it just blocks all incoming connections to machines inside the network, becasue those machines don't have an IP address to connect to.

This is just the same as turning off programs that are capable of recieving connections, but strangely that isn't always possible under some OS's.

Much consumer NAT usage is there to stop all incoming connections because they are not useful to most users and not easy to disable in software.

Come to think of it, why can't Windows just have a feature to block all TCP connections in which it is not the client? Same effect as forcing people to use NAT and hardware firewalls.

An easier way?

[TimeTraveler1884]

Given the net was designed for the whole community, it has done well to reach millions. If you want to reach the whole population, you have to make sure it can scale up.

Wouldn't it just be easier to lower the population to millions rather than changing current infrastructure?

Re:An easier way?

[UlfGabe]

Nuclear War!!!
Terrorists!
MAD BEEF!
CHICKEN FLU!
OBESITY and AIDS!!

just saying what everyones thinking.

Re:An easier way?

[dauthur]

Mmmm.... bread and pastries...

Obesity has its upsides too. I don't have anything pro-nuclear though... except for the fact that I like winter.

Re:An easier way?

[Eternally+optimistic]

Probably. You go first, we'll tell you later how it worked, ok ?

Re:An easier way?

[sharkey]

Dubya!

Re:IPv6 Not Enough?

[mboverload]

Remember alot of those IP's will be within a private network. I doubt they will be handing out static IPs to lightbulbs any time soon.

OMG HE MADE TEH AL GORE FUNNY!!1eleven

[daniil]

Seriously, mate, this joke is so old it's about time it was put out of its misery (as it's no longer funny) and bury it under three miles of solid rock (otherwise, the stench would be unbearable).

Sounds like a good strategery

[AtariAmarok]

Just don't handle it like a hot potatoe.

Just make sure...You have a confilct of interest.

"you keep patents out of the standards... Microsoft have been trying to stick one in for the basic premises of IPv6... and surprise, surprise... they were also involved in the standards committee..."

Nothing new. Macromedia (of Flash fame) was on the SVG committee. We all can see how that took off.

Uh-huh!

[The-Bus]

"If you want to reach the whole population, you have to make sure it can scale up."

What that means to you, MBAs, is that it sounds like by i-deploying its cross-market and granular mix of best-of-breed technologies for today's e-enterprise, the interweb will finally be scalable!

Sessions

How about replacing http into a stateful protocal?

Re:Sessions

[Mancat]

Why?

Re:Sessions

[NanoGator]

"How about replacing http into a stateful protocal?"

Okay, I'm an idiot. Can somebody explain the thought behind this? A.) I don't understand what a stateful protocol, B.) I don't understand what HTTP currently is and why it's a prob. Little help?

Re:Sessions

[Grey_14]

Ok, as far as I understand it, http opens a connection, requests a page, then once data is received, it closes the connection, so you can load a page, and once it's loaded you disconnect from the webserver until you want to get another page, I have no idea what the guy suggesting stateful http is thinking, as I would think that would just drastically increase the load on http servers, as they would have to maintain thousands of open sockets at once, (Well.. thousands MORE)

Re:Sessions

[yabos]

The web server would retain the state of the session across each page you visit. This would eliminate the need for cookies but there's no reason really that I can think of to do this.

Re:Sessions

[LordLucless]

It would mean we could get rid of some of the kludges used currently to implement a stateful protocol on top of a stateless one - eg: sessions via cookies and url rewriting and stuff like the "keep alive" thingy that creates a mini-persistent connection for downloading all images referenced in page and stuff like that.

But yes, making every HTTP request create a state would be a resource drain. I think the best method would be to allow you to request either stateful or stateless connections when you make a request, but that would make stuff like web-servers that much more complicated.

Its all about a tradeoff - flexibility at the cost of simplicity. At the moment the protocol is designed to be simple, so all the complexity for maintaining state across stateless connections is added at the application level, in a series of horrible kludges.

2.1?

[Doc+Ruby]

Whatever happened to Internet2? Was it just another Bubble scam, in reverse? Just a way for academics to rip off government and investors with handwaving promises of "Next Generation" apps, from the magic cloud that birthed the first Internet (but without the genius and visionaries)? Internet2 has been in "startup" phase for almost a decade - where's the return? And if it's just percolating beneath the surface of these announcements, why isn't my taxpayer investment getting the credit? For starters, where's the massively scalable multicast infrastucture that would enable all these hypermultimedia apps that everyone wants?

Re:2.1?

[forkazoo]

Uhhh... Internet2 is a private academic network. What exactly were you expecting from it, except a set of high speed data links between research universities? It was never intended for the average person to get a DSL connection to Internet2, because all the sites connected to Internet2 also have connections to the Internet, so there would be no benefit. The advantage is that the big universities have a dedicated network, without napster and all that crap bogging it down.

Re:2.1?

[jjeffries]

For starters, where's the massively scalable multicast infrastucture that would enable all these hypermultimedia apps that everyone wants?

Same place it is on in the regular ol' Internet... Providers can't figure out how to bill for it, so it's more or less not an option. Lovely, eh?

Re:2.1?

[Doc+Ruby]

It's a research network, not just a reduced-noise hispeed academic ghetto. I'm not asking for a connection to Internet2 - I'm asking what Internet2 has produced to justify the huge investment you and I have made. Most of the apps I've heard about are medical apps, which I'm sure provides a nice, healthy return to doctors and pharmacos, which we're subsidizing as many ways as we can. But one research project mentioned for Internet2, with wide consumer applications, is multicast, which we need now. Where is it? Where's the rest of the return?

Re:2.1?

[Doc+Ruby]

What's the billing problem? Encrypt the packets with a different private key every 5 seconds, and require each listener to get new copies of the public keys, by subscription in 10-packs, distributed randomly in time. The keybuffers are not multicast, but they're millions of times smaller than the encrypted media, so the smaller-scale unicast model works. If I can think of that in 30 seconds, why haven't the providers thought of it yet? And why do incumbent corporate providers have an advantage, if Internet2 is publicly funded?

Re:2.1?

[NoMercy]

Internet2 was a crappy name for a WAN linking universities, it was faster, but not a lot diferent to many of the other University WANs aroudnd the world.

Re:2.1?

[BigPappa]

One of the biggest things that we've used it for is something that needs low latency and big pipes, videoconferencing. We have had classes that have students at 3-4 different universities with the profs at each contributing to the class, even in the same session. These were the high quality 5MB/s streams times the number of universities. That's ~20MB going back and forth with all the overhead that that would have. We needed Internet2's pipes to do that.

It's also used to do regular Polycom conferences without the latency you see with busy Internet1 connections. Our I1 pipes get pretty clogged in the afternoon, and it's a mess to try to keep the connection, even with QoS. We've had conferences with others from Hawaii to New York over I2 with minimal dropouts or frame rate problems. Without the I2 pipe, these meetings would not have been possible, or at the least uncomfortable to be in. And it saves so much in travel time and money.

Heck, even the MCU that we use (to allow more than 2 units to talk) is in another state.

Another thing that I2 has done is start linking K-12 schools together as well. Many states use the same network for higher ed and K-12. So not only are the universities getting the benefits, but so are regular elementary and secondary schools that are using the same pipes.

Re:2.1?

[Doc+Ruby]

It's the name for a huge, expensive project that has promised a lot, and delivered little, at least as far as I can tell. Or anyone else apologizing for it in this thread. It was supposed to be a lot more than just faster: more scaleable, more interactive, less latency, more decentralized. A platform for the next generation. Meanwhile, we get breathless articles like the one we're discussing in this thread, throwing "VoIP" hype at the interminible rollout of IPv6, which predates Internet2. What, do they have George Lucas in charge of this sequel?

Re:2.1?

[Doc+Ruby]

These are the kind of projects I expected Internet2 to prove out. Is there any transfer of I2 tech to the public Internet?

Re:2.1?

[BigPappa]

Oh yeah, lots of it. One of the things is IPv6 and multicast. The Abilene backbone (one of the I2's biggest) is entirely v6. The knowledge there on how it works on a grander scale is helping to tune and shape the works that come out of places like Cisco and Nortel. Thier code gets production tested first on Abilene and then to the big networks. We also get the new big routers to test with usually before anybody else does. If you go look at Abilene's website, you can see from the network graphic that it's pretty busy.

Interestingly enough there seems to be a moving away from expensive ATM connectors to cheaper 10GigE connections. Our state network has just converted the backbone to GigE, and I expect that our connection to Abilene will change to that soon as well. I think ATM for medium length hauls will die out, only to be used on extra long hauls like across contries and oceans. I can see the big networks doing this to to cut down on costs and brainpower. ATM is just too complicated.

Re:2.1?

[Doc+Ruby]

Thanks - finally some signals among the noise in answer to my (impertinent ;) question. Beyond pure infrastructure progress, have you seen any evidence of working multicast subscriptions over I2? Care to hazard a guess whether the IPv6 over the current public Internet would support it, if I included support for the techniques in my own distriubted apps?

Re:2.1?

[BigPappa]

Unfortunately, our school is not setup for multicast yet to I2. One of the things I've been poking our network guys to get finished. I've seen successful use on our own LAN for things such as SLP and multicasting drive images.

Some of the video streams that Internet2 has setup (especially for thier big conferences) are multicast. Since I can't do it, I don't know how well it works, but I have heard from others universities that have had good luck with it in video applications.

I would guess that many of the big networks probably have multicast on their backbones. Their clients though are not able to grasp it and implement it to thier WAN connections so it just works locally. Multicast is tricky, it takes some real planning and knowhow to make it work across networks effectively.

Re:2.1?

[ZeldorBlat]

The advantage is that the big universities have a dedicated network, without napster and all that crap bogging it down.

I thought napster and all that crap was the reason for Internet2 in the first place.

Re:2.1?

[davburns]

I don't understand why providers don't see the profit potential of multicast.

If there's a source "out there" and you have multiple customers that want data from that source, then you:

1. Charge each customer for the bandwidth they consume at the normal rate.
2. Are charged at the normal rate -- but only once -- by you upstream
3. Profit! (Note lack of ????)

Really, this should be easy, but it's not happening. Maybe it's just a chicken-and-egg thing with applications and infastructure. Maybe nobody's figured out how to market this, so users will understand and demand it. Too bad. Multicast worked fine on 9/11.

according to wikipedia, much more!

[vena]

This is the equivalent of 4.3 × 1020 (430 quintillion) addresses per inch (6.7 × 1017 (670 quadrillion) addresses/mm) of the Earth's surface

hooray!

Re:IPv6 Not Enough?

[mflinquin]

The whole idea is that every device can have it's own IP. In any case, IPv6 provides enough IPs so that there are over 6.5x10^23 for every square meter of the earth's surface. We won't be running out any time soon.

Re:IPv6 Not Enough?

Number of addresses:
IPv4 : 4 × 10^9
IPv6 : 3.4 × 10^38

That means about 4.3 x 10^20 addresses per sqr inch on Earth's surface. So, yes, it will be enough, even for whatever embedding plans people might have.

Re:IPv6 Not Enough?

[kclittle]

Dude, IPv6 address are sixteen bytes long. That's 3.4E38. When we get to the point that we have more than 3.4E38 lights and toasters, we'll have far more critical problems than finding IPv6 addresses for each of them. (Like, forming a black hole full of toasters, for example...)

IPv6 is a hack

the real problem are single companies having 50,000+ publicly accessable ip addresses which in reality no company actually needs, internal NAT is supposed to stop any need for a workstation in someones office having a public IP

INANA needs to stop dishing out massive blocks of IP addresses to people like it was tapwater

Re:IPv6 is a hack

I, for one, hope that a company's networking policy is left to the company, not some burecracy who wants to nanny my networking setup.

Your comment also speaks of technical ignorance. Simple packet filtering can make a network just as secure as a NAT'd network, while at the same time avoiding the pitfalls of NAT.

Re:IPv6 is a hack

[CammieCrookston]

I agree about IANA handing out too much address space. I can think of several organizations - if that's what you want to call them - that have entire Class A's for themselves, and utilize very little of that space compared to what's available. The problem is, they've got them, and they're not exactly going to be given back.

Re:IPv6 is a hack

[irix]

IANA hasn't been handing out class A blocks "like tap water" for a long time. Sure, some organizations have too many addresses, but these were mainly organizations that pioneered the IP network and were handed these netblocks very early on.

As an AC pointed out in an earlier response, NAT is the hack, not IPv6. It breaks end-to-end connectivity, and you have to jump through lots of hoops to get many protocols to work correctly. NAT was a measure that slowed the need for IPv6, but it didn't remove it.

Re:IPv6 is a hack

[gl4ss]

ok, how does that make ipv6 a HACK?
ipv4 needed a hack, that hack was NAT.

Re:IPv6 is a hack

[dodobh]

NAT is broken, because it puts state in the network instead of the endpoints. That is one of the important reasons, but not the only one.

Re:IPv6 Not Enough?

[MightyMartian]

From what I can see, what's held up IPv6 adoption is the NAT router, and IPTables/Netfilter in particular. These IPTables guys have managed to come up with hacks for many of the difficult protocols, so that even cranky beasts like MSN Messenger are fully functional. NAT has its problems, of course, and at some point we're going to have to dump IP4, but I think it's longer off then some hope.

Re:IPv6 Not Enough?

[ArbitraryConstant]

If you could convert the whole planet into devices that understand IPv6, and you could make each device out of a few thousand atoms, then we'd be in trouble. Otherwise, no. 2^128 is a big number.

The routing strategies they use cut that down quite a bit, but it's okay because most of the mass of the Earth is tied up as molten rock and stuff like that. We'll be okay unless the Earth gets eaten by nanomachines.

MOD PARENT INSIGHTFUL

[lolocaust]

We also have to put up with this crap in the uk.

Re:IPv6 Not Enough?

[rjshields]

I can't remember which is greater, the number of available IPv6 addresses or the estimated total number of atoms in the universe

Err, not quite. IPv6 increases the IP address size to 128 bits, that's 2^128 = 3.402823669e+38 hosts minus a few for private and reserved networks. I'm not sure how many atoms I have in my ass, but it must be approaching that figure. Perhaps someone can help me out.

Re:IPv6 Not Enough?

[superskippy]

I don't see why not. NAT is great for lots of machines that need to make outgoing connections, but if you want to turn your light bulb on and off remotely, this is a pain through NAT.

I don't see why I can't turn my heating on and off remotely through a webserver in the boiler, and see what's left in the fridge through my mobile phone etc.

This reminds me of a quote:

I went to my first computer conference at the New York Hilton about 20 years ago. When somebody there predicted the market for microprocessors would eventually be in the millions, someone else said, "Where are they all going to go? It's not like you need a computer in every doorknob!"

Years later, I went back to the same hotel. I noticed the room keys had been replaced by electronic cards you slide into slots in the doors.

There was a computer in every doorknob.

-- Danny Hillis

Re:IPv6 Not Enough?

[superskippy]

One of the things that upsets me about NAT is that it is making the most complicated technologies the standard one that everybody has in their home.

If you read your average TCP/IP textbook, how to set up a network with static IP addresses is finished by chapter 5. You don't get to NAT until chapter 30.

When you think about what NAT has to do, it's pretty complicated. Yet the most complicated technology is used by the most naive users on DSL. 10 years ago, you'd have to spend big money for anything that could do NAT- imagine what Cisco would have charged you! But now it comes in a box costing £200.

Maybe this is just a bad geek attitude, but home NAT routers are bit like handing out super-deadly chainsaws to DIY enthusiasts. I think home users should be encouraged to stick to hacksaws for now, and we should try and make an internet where all of the stuff is in the home is understandable by non-networking super-nerds.

Re:IPv6 Not Enough?

[WalksOnDirt]

I don't know how fat your ass is, but an average ass has around 10^26 atoms. So it would take around a trillion asses worth of atoms to have IPv6 fail to be able to address each of them.

a trillion asses to exhaust ipv6?

[StandardDeviant]

We'd better not let the government know about it then. ;)

Re:IPv6 Not Enough?

[Bishop]

There are more ipv6 addresses then atoms in your body. My back of hand calculations show 4*10^10 addresses per atom.

mass of a person: 80kg

molecular mass of water: 18g/mole

approximate moles of water in body: 2.7e27 = 80e3 / 18 * 6.03e23

approximate atoms in body: 8e27 = 2.7e27 * 3

address in ipv6: 3.4e38

approximate addresses per atom: 4e10 = 3.4e38 / 8e27

The mass of water was used as water is a significant portion of the body.

More useless IPv6 calculations

[sahonen]

According to my calculations, IPv6 allows us:

Over 300 million IP addresses per cubic millimeter of the Earth.
One IP address for every 5 cubic meters of the entire solar system within the sphere defined by the aphelion of the orbit of Pluto.
180,000 IP addresses per cubic light year for the estimated size of the entire universe.

Yup, I think we have enough.

Re:More useless IPv6 calculations

[Feztaa]

180,000 isn't much, really. How are we supposed to conquer the universe if we're going to limit ourselves so harshly?

Re:More useless IPv6 calculations

[NevarMore]

640k used to be enough too.

Re:More useless IPv6 calculations

[Jesus_666]

We'll use NAT.

Re:More useless IPv6 calculations

[sahonen]

Well, if you consider the vast amount of empty space between the galaxies, unless we fill up every single nook and cranny of the universe, it should be fine.

Re:More useless IPv6 calculations

[Geoffreyerffoeg]

You just watch. One day we'll decide that every qubit deserves its own IP address.

Re:More useless IPv6 calculations

[sahonen]

I'm rather interested in the notion of every neuron in a neural net getting its own IP address.

The human brain has 100 billion neurons in it. Now the most population dense country in the United States has 17,685 people per square kilometer. Earth has 510,067,420 km^2 of surface area, and since in a moment I'm going to assume we have interplanetary travel and the ability to individually address neurons that we can use all of it to capacity. This results in a planet with a population of 9,020,542,322,700. That's 9 trillion people. With a t.

It would take 3.77230498x10^14 such planets to fill the entire IPv6 address space.

Furthermore, such a planet filled to capacity with every individual neuron individually addressable would only effectively use 44 bits of address space. 43 bits if a couple of people were willing to NAT their brains. </smirk>

Stateless is Beautiful

[handy_vandal]

How about replacing http into a stateful protocal?

No, let's not do that.

-kgj

atoms of planet per address

[Bishop]

If we do the same calculations for the earth using iron as the dominant element, we will find that there are approximately 2e11 atoms in the earth per ipv6 address. Or about 17 picograms per ip address. There are alot of ipv6 addresses.

NAT has other purposes

[dpilot]

NAT is the ISPs way of keeping its subscribers in line, and acting as consumers rather than citizens. Given the TOS of my ISP, it just doesn't matter whether I get NATted, or not. Anything I could do that I can't do behind NAT isn't allowed.

Re:IPv6 Not Enough?

[Jesus_666]

Mmmm, galactic toast.

Re:Mind you...

[ebrandsberg]

IPv4 only supports 4bil address in a given addressible domain. With NAT, things get more interesting, and to be honest, is the BEST thing that has happened to computer security ever. People whine about NAT, but it's poor protocols that cause NAT to break things (FTP, RTSP and SIP come to mind). Otherwise NAT solves the issues.

no to flash!

[x2A]

don't be silly, anyway they're talking about the net, not the web, ie, the infrastructure, not format's of files that could be transfered over it.

Anyway, most of us don't want flash as standard at all.

-2A

Re:no to flash!

[Mancat]

You're right.. It's a web standard, not an internet standard. Still, would you object to the use of Flash if it were a completely open standard? The only reason I object to the frequent use of Flash, is that Macromedia is the be-all-end-all of what platforms and browsers are supported, and there's no way around it.

Re:no to flash!

[x2A]

I don't care about that side of it, purely as I've never really been stuck trying to use flash on a system that wouldn't support it. My objection is how it gets used, for example, individual flash buttons (where rollovers, or at most, a single flash file would suffice).

Flash is used by web designers to sell their websites to clients who think their customers will appreciate it, rather than a quick and easy interface.

I have it disabled on my machines, I'll only enable it when I specifically want to use it (like to watch latest salad fingers :-p )

-2A

Re:no to flash!

[Minna+Kirai]

don't be silly, anyway they're talking about the net, not the web, ie, the infrastructure, not format's of files that could be transfered over it.

No. IETF spends more of their time on file content than byte-pushing "infrastructure". For example, the HTML format is IETF RFC 1866. Any file that's mainly viewed over the internet is potential IETF fodder.

(Flash is too old and too intentionally openness-hostile to ever become an IETF standard, of course. But it'd be good if it could be replaced by something which is a standard, maybe SVG)

Re:no to flash!

[x2A]

the only binary executable comes from macromedia, I'd hardly call -one site- 'random websites'. The stuff that comes from random websites is interpreted by the flash player, it's not binary executable (otherwise, how do you think it runs on windows/linux/macs?)

-2A

OOO packets

[x2A]

Sometimes different packets can be sent along different routes, and a packet sent first could actually be recieved after a subsequent packet (they're recieved Out Of Order). Computers know this and have a recieve buffer to put them back into order... perhaps his brain lacks this feature?

-2A

What the ?

[camcloud1]

"That clearly is not enough when you have 10 billion people to serve, so there is technical solution, the new version of IP - IPv6."

Where did the other 3.5 billion people come from?

Re:What the ?

[SupaMegaBuffalo]

http://www.overpopulation.org/faq.html

They'll be here soon enough. It's nice to see that they're planning ahead.

Re:[Scaremongering] has other purposes

[dpilot]

Obviously not, on both counts. But I'm sure ISPs don't mind that people are getting scared of the Big, Bad Internet and running and hiding behind NAT routers. Even if you subscribe to Stupidity instead of Evil Intent, having users run to NAT routers simplifies ISPs life. In fact, Verizon has a plan where they distribute wireless routers. There's a good deal of sense to it, too. In one fell swoop they get past having to set up PPPoE on users' machines - dhcp to the router is a HECK of a lot easier.

Re:IPv6 Not Enough?

[NanoGator]

"So it would take around a trillion asses worth of atoms to have IPv6 fail to be able to address each of them."

Gentleman, I think we have found our new standard unit of measurement.

IPv6 versus Worms

[xate]

it will be much less efficient for worms to find vulnerable hosts with IPv6. IPv4 has 2^32 or 4,294,967,296 IPv6 has 2^128 or 340,282,366,920,938,463,463,374,607,431,768,211,45 6. thats only 79,228,162,510,000,000,000,000,000,000,000,000,000 times more numbers, and more time worms would spend searching for vulnerable hosts. awesome.

Income disparity not as big as you think!!

[kromozone]

Most Korean's I know are making about $60k per year mid-career. It's the regions outside of Seoul that really drag the per capita income down. Still their exchange rate has surged from 1250Won/$ to 1000, so they are doing quite well. Just thought I'd clue everyone in who seems to think Korea is some backwater shit-hole where $20 is a fortune, it's not. Communication is just cheap here, probably due to population density in large part, and also partly due to a very technocentric culture. Having the latest 80 megapixel camera phone is a necessity of life to the younger generations.

DoD is already planning a migration...

[m0rningstar]

At least according to this article. And adoption by a major US Government Agency will if not force at least strongly encourage organisations doing business in that arena to follow. And then their upstreams. And so on.

Also, in all honesty, I fear that the 4 billion number is low, not high and NAT/PAT are only stopgap measures. (Especially with the relatively wide range of protocols that require application level awareness to actually translate, including such staples as H.323 and the rest of the multimedia stable).

Add to that the large blocks that are allocated AS large blocks and only fractionally used (or not at all; at one stage one of my former customers had a registered Class B for 200 or so employees. And that entire network space was NAT'd to someone else's space prior to reaching the Internet) and the traction will have to happen, regardless of if your ISP understands it now.

Personally, I like being able to remember IP addresses, and not having to totally rely on DNS. But that's not going to be feasible forever.

Re:Mind you...

[pHDNgell]

IPv4 only supports 4bil address in a given addressible domain. With NAT, things get more interesting, and to be honest, is the BEST thing that has happened to computer security ever. People whine about NAT, but it's poor protocols that cause NAT to break things (FTP, RTSP and SIP come to mind). Otherwise NAT solves the issues.

NAT has in no way improved security. You're confusing firewalls with NAT. Firewalls would be just as effective without NAT.

Since you seem to be so informed, though, how exactly are you working to fix these ``poor protocols'' that are preventing me from doing video chat with my daughter or managing her computer? I cannot ssh, remote desktop, or ichat AV because her machine is behind a NAT outside of her control.

How does this benefit her, the customer of this service? What does it do to improve security beyond the built-in firewall or any given add-on stateful firewall?

If we really want to plan for the future...

[esobofh]

Why not IPV32 - and forget about ever worrying about a lack of addresses.. i'd like to give everything an address so why not just set it so high that it'd never be an issue?

Re:moron

[daniil]

Honestly, sir, i wasn't even trying to be funny. Of course i'm flattered that you found my silly (and utterly moronic; i fully expected it to be modded down, but the mods seem to have been on crack again) flame to be humorous. I promise to try harder the next time.

Re:Mind you...

[Lennie]

Didn't you just answer your own question ?

If you can't reach it, it's a lot more secure. :-)

I know it's not for everyone, but it helps a lot of people.

30 Euros for 20mo down / 1mo up

[da5idnetlimit.com]

And that's in France, using Free Telecom.

They also include Voip (free call on national pots and heavily discounted international) and 40 TV Channels on your DSL pipe at no extra charge...

And France Telecom is testing VDSL2+ something, allowing for 50mo down and 20mo up...

Re:30 Euros for 20mo down / 1mo up

[Doc+Ruby]

Very interesting - we don't hear about fast/cheap Euro broadband too much. How does the TV part work? Why only 40 channels, when you get only 1 channel at one time? Cable TV sends all channels to you at 1 time, and your TV throws away all the channels that you do not watch. And who produces the shows?

Qouting the RFC

[Ulric]

From section 2, Overview of traditional NAT:

In a traditional NAT, sessions are uni-directional, outbound from the private network. Sessions in the opposite direction may be allowed on an exceptional basis using static address maps for pre-selected hosts.

Re:Qouting the RFC

[asdfghjklqwertyuiop]

From section 2, Overview of traditional NAT:

In a traditional NAT, sessions are uni-directional, outbound from the private network. Sessions in the opposite direction may be allowed on an exceptional basis using static address maps for pre-selected hosts.

That doesn't say that if there is no static map inbound sessions must be prohibited. Nothing anywhere in any of the NAT RFCs says that NAT must drop a packet or actively prevent a connection in any way.

Re:Mind you...

[ebrandsberg]

Seems like the NAT solution is pretty secure to me so I call BS on your "NAT has in no way improved security". :) Firewalls are great when you need access from the internet in general TO the resources. NAT is great when you only need access out, which is 95% of the users on the Internet. If your daughter is behind a NAT, she can initiate a connection out to you and that should work. Solutions do exist, see skype for a setup that works properly with NAT enabled (although for voice). One key issue with protocols is when they imbed an IP address in the payload, that is a no-no by the OSI stack model, and breaks NAT in horrible ways.

Re:Quoting the RFC

[Ulric]

But it does say that "sessions are uni-directional, outbound from the private network." I don't know how else to interpret that, even if it doesn't explicitly say what should be done with unexpected inbound sessions.

FWIW, I agree that NAT in itself doesn't provide much security.

Re:Quoting the RFC

[asdfghjklqwertyuiop]

But it does say that "sessions are uni-directional, outbound from the private network." I don't know how else to interpret that, even if it doesn't explicitly say what should be done with unexpected inbound sessions.

Well I interpret that as a conceptual explanation on what is happening on a network where this type of NAT would be useful. They aren't actually writing a hard specification telling implementors do drop packets. I've yet to see a NAT implementation that can be configured to drop packets... and like I mentioned in another post, the RFC (2663 I think) tells you to use a firewall in addition if you actually want security.

TFA?

[x2A]

Maybe, but TFA that we're discussing is about the infrastructure. We could also discuss how hot they serve coffee during the meetings, but that just happens to not be what TFA's about.

But I do agree re:flash. Only time I've used it was when I needed an open 2way tcp connection to the server (a 2player online game, without needing to poll using http get's). I know there are java classes out there you can use for that, but that's just substituting one plugin for another so... went for the one more ppl would have already.

-2A

Re:[Scaremongering] has other purposes

[dan_bethe]

Right. And it also has benefits for the customers -- particularly business customers. As both a netizen since childhood and as an ISP architect, I say these things with the utmost care and respect.

• having your own portable address space isolates you from your ISP so you can more easily switch ISPs at any time
• most customers don't have or need their own ARIN-assigned portable public IP address space
• most customers can't run a server any better (security is a massive concern) than an ISP can, so they don't need to host them
• the concept of the "end to end internet" is not something that is necessarily enabled by the presence of a public IP address. A public IP address is not something the netizenry inherently needs or is inherently entitled to, and can be politely worked around in any number of ways, when genuinely needed, as is evidenced with clever p2p and with hosted game, communication, and ASP services. It does not make you more valid or equal of a netizen just like land ownership doesn't make you sovereign; you're just leasing it from the greater body. These are trivial limitations of otherwise gratuitous liberties.
• Tell me one person in their right mind whose heart's desire genuinely requires their computers, telephones, toasters, and tvs, to have always-on, *directly* reachable, unfiltered IP addresses for the entire planet forever. That would be an unsophisticated and insecure topology, especially given the average transient and disconnected usage patterns. That person is nowhere close to representative of the population and is capable of designing, managing, and vigilantly securing their own network.
• NAT does not immediately imply security, but it simplifies topology and deployment and hence they go hand in hand.
• For any needs not covered here, the customer can pay for the features or switch ISPs.

These issues impact the manageability, security, and liability of ISPs, which customers have no inherent right to impact without paying a premium and which an ISP has no requirement to allow anyway. They don't reduce netizenship, free speech, and don't unduly reduce your mobility. I operate a small wifi ISP who now issues private addresses by default because we know our customers and because we will let them pay a little extra for public IP address space if they absolutely require it, as a matter of informed consent. In my customers' case, they know that we can manage security far better than they can.

I'm sorry if your ISP doesn't offer those options, and offends your sensibilities. As for residential customers across the country who are on satellite or whatever, you can share a colocation with a friend (maybe someone on landline in town) or build wifi. As for residential customers across the country who are in town, you can pay extra to use your choice of ISP over DSL and get a static IP address and the whole works. I started with a shared, 2400 bps, 7E1, tty-only dialup and I painstakingly maximized my netizenship with it. You are capable of designing and managing your own network and you can pay. :)

not enough fingers

[x2A]

The sequence numbers are usually counted on your fingers, but as in this case the packets are being sent to the fingers for typing, there's simply not enough fingers to count with and type. Currently we have a four finger protocol (FPv4) but upgrading to 6 fingers (FPv6) would help free up the extra fingers to make sure these mistakes don't happen.

But people with 6 fingers are often looked down upon, so open acceptance of FPv6 isn't going to happen anytime soon.

-2A

Re:Mind you...

[pHDNgell]

Seems like the NAT solution is pretty secure to me so I call BS on your "NAT has in no way improved security". :) Firewalls are great when you need access from the internet in general TO the resources. NAT is great when you only need access out, which is 95% of the users on the Internet.

95%? Where'd you get that? I was under the impression many users wanted to communicate directly with each other via P2P things (which was pretty much the only way we did things when I started using the internet). I have a cool app that allows people to transfer files back and forth. ...or maybe two people want to play a game against each other?

By your logic, that must require some central server in order to work.

If your daughter is behind a NAT, she can initiate a connection out to you and that should work.

*oh*, so I should just have her machine ssh or remote desktop into my machine for maintenence? Got it.

Solutions do exist, see skype for a setup that works properly with NAT enabled (although for voice).

Right, a centralized, closed source, single-vendor, nonstandard solution to work around the broken network.

One key issue with protocols is when they imbed an IP address in the payload, that is a no-no by the OSI stack model, and breaks NAT in horrible ways.

That is not a key issue. The key issue is that you simply can't make two computers arbitrarily talk to each other if you're in a network remotely as large as mine. You don't hear about all of these protocols failing people simply because of embedded IP addresses, but because the software wants to be able to talk to other people running the software.

So you've got one address and a friend over. Which one receives incoming requests for a game you're trying to play online? Stuff like that. Things just work when every machine has an address, and security is not any worse.

Re:Mind you...

[pHDNgell]

Didn't you just answer your own question ?

If you can't reach it, it's a lot more secure. :-)

I know it's not for everyone, but it helps a lot of people.

You also couldn't reach it with a firewall config that's closed by default...until you wanted to, anyway. Then you could.

NAT doesn't help here. Just hurts.

Re:IPv6 Not Enough?

[drinkypoo]

We don't use restricted addresses for security. You can get that by simply disallowing any packets that claim to be from addresses on your local network that actually originate from outside interfaces. If all your addresses were routable, you would never again have to worry about port forwarding. You would just make sure your routing worked properly, and create a filter rule that allowed the applicable traffic to pass. This would eliminate all the stupid problems that have arisen because of NAT and port forwarding.