IPv6 for the Linksys WRT54G

AndersBrownworth writes "Earthlink Research and Development has released a firmware load for the Linksys WRT54G wireless access point that supports end-to-end IPv6. They suggest features such as extremely large address space, stateless autoconfiguration and low cost restoration of end-to-end addressability will revolutionize IP communications. It would be interesting if releases like this significantly boost the IPv6 take-up rate but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet."

How does this increase adoption rate?

[eln]

Plenty of devices and operating systems fully support IPv6, but that doesn't mean anyone uses it. With things like widespread usage of NAT making the IP availability crunch less and less of a problem, there is no real incentive for the average user to convert to IPv6.

IPv6 incremental support won't help

[jquiroga]

Some people think incremental steps like this will somehow help IPv6 rollout worldwide. I think that is a completely different problem, and very hard to solve. Any volunteers to solve the hard and difficult problem?

The best description I know about The Problem comes from Dan Bernstein, The IPv6 mess.

The IPv6 designers don't have a transition plan. They've taken some helpful steps, but they typically declare success (``IPv6 support'') when the real problem---making public IPv6 addresses work just as well as public IPv4 addresses---still hasn't been solved.

Re:IPv6 incremental support won't help

[mellon]

Dan does mention some real problems on the page to which you've linked, and I agree with some of his criticisms of the IPv6 process, where a lot has been invented prior to identifying a need for it, and in many cases all of this theoretical invention has wasted valuable time and opportunity.

However, a lot of what he says is quite out of date at this point. Furthermore, he complains that he's willing to hack but wants to be able to autoconfigure his hosts, and the implication is that he would hack if only he were told what to hack on, which frankly doesn't sound like the Dan we've all grown to know and love in the DNS world. If he really wants to fix these problems, the best way to show what the big bad people at IETF are doing wrong is to demonstrate it with working code.

The fact is that right now having an IPv6 address doesn't get you a whole lot of goodness in the U.S., and so we probably will be the last to adopt it if everybody here maintains your attitude.

IPv6 deployment in Asia is a reality, and to a lesser extent this is true in Europe as well. Anywhere where the IP infrastructure is being expanded is an easy place to deploy IPv6. 6to4 gateways are doable, just as are NATs. So you will see widespread deployment of IPv6 in Asia in the relatively near term.

As far as the U.S. and Europe go, slashdotters are precisely the people who should be thinking about trying to use IPv6 as soon as possible - as geeks, we are the early adopters, and as we try out the technology and try to use it, the world will catch up with us. The more we poo-poo it and don't try to actually deploy it, the longer it's going to take to address the concerns that Dan raises, and, I think, the more it's going to cost us in the long run.

One last thing: IPv4 link local addressing is fairly badly broken. If you want to be able to do link local addressing, it works a lot better in V6-land. This is largely an accident - nobody thought to cripple it until it was too late. But it's still true that you do get some value from deploying IPv6, even if only within your own home. If you use Rendesvous/Bonjour, you're probably already using IPv6 and just don't know it yet.

Re:IPv6 incremental support won't help

[jquiroga]

You're right in the technical aspects, but I believe the big problem isn't technical.

I agree with Dan in these two:

• The big mistake was not to extend IPv4 to make it easier for normal users to adopt the New Way.
• The problem that the previous mistake caused is that most normal users are deadlocked, all of them waiting for the others to adopt the New Way first.

That's why I think this discussion is quite relevant, especially if you expect IPv6 to finally enter the mainstream. It seems the mainstream is deadlocked. That won't be solved by pitching the technology, they don't care. They are sensitive to economic arguments and to marketing, and both are stacked against IPv6.

I post from Europe, and we've been enticed and encouraged to adopt IPv6 for years. However, it remains exotic for most techies and almost completely unknown to normal users. Why? Because IPv4 already won. Even if I decide to embrace IPv6 myself, I can't recommend it to paying clients who hire me to help them avoid dumb mistakes. The adoption of a new technology to do the job of an existing and deployed old technology that seems to work OK, and a real expense to get some unknown benefit with no timeframe will look like a dumb mistake to many of them. And I can't change their short-term way of thinking.

Re:Great!

[fo0bar]

Don't forget about 172.x

Don't forget that you are overlapping with public space if you use all of "172.x". Private space in the Class B range is only 172.16.0.0/12, or 172.16.0.0 - 172.13.255.255 (which is 1048576 IPs).

Why IPv6 is needed

[Jimmy_B]

This thread will of course trigger a bunch of replies from people saying we don't need IPv6, but in fact, we do, badly, and the need is only increasing with time.

NAT helps somewhat, but if you're using NAT your computer can't receive incoming connections. That's a problem for servers, for peer-to-peer networking, for games, and for VoIP. Home users can usually work around this with their firewall configuration, but businesses usually can't (one important reason being that only one computer behind the firewall can receive connections this way, not multiple). And, as someone pointed out in the last IPv6-related thread, merging the networks of two corporations is a nightmare - they both use the same IP addresses.

There are theoretically 4 billion IP addresses total. That sounds like a lot, but an IP address isn't just a number which can be assigned individually; what you do is hand out big consecutive blocks of them, so that routers can say things like "for 123.231.*.*, send packets in this direction". The shortage of IP addresses has introduced lots of special cases, so that internet routers need tons of memory and processing power to figure out the mess.

Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) is about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never find a single computer, and get disinfected.

Re:Why IPv6 is needed

[tyagiUK]

I have to disagree.

Firstly, most VoIP architectures currently look to SIP proxies for segmentation between the operator's network and the user agent or equipment. A SIP proxy is basically just an application-layer gateway. This type of software is being incorporated in to many of the forthcoming customer premises equipment. Therefore, if your application layer gateway is at the edge of your network, proxying incoming and outgoing SIP requests, what does having end-to-end IPv6 buy you?

Secondly, despite evidence of a shortage of IPv4 addresses, there is some confusion over what this really means. There is a shortage of AVAILABLE IPv4 addresses. This is distinctly different from having a shortage of UNALLOCATED IPv4 addresses. Basically, many telcos, ISPs and large institutions are sitting on some very large blocks of address space. This address space was handed out readily in the 1990s because demand (i.e the dotcom boom) wasn't anticipated.
Due to certain organisations receiving such large allocations, there was little or no control over how this resource was allocated to their networks. The result of this is highly wasteful allocation, some still using classful addressing (so summarising subnets on classful boundaries such as 255.255.255.0 or 255.255.0.0, /24 or /16). A similar problem exists where organisations have gradually learned about HOW to allocated public address space. In some cases, large portions of significant allocated blocks are wasted on infrastructure, customer link connections and some other, unnecessarily wasteful applications.

Many of these places could actually go back over their allocated address ranges and re-claim huge chunks. All it requires is a motivation to do so and the time and resource to plan and execute it. At the moment, the motivation is rarely there and organisations would generally prioiritise such activity at the bottom of a long list of things to do.

The problem arises when they are required to demonstrate to their regional registrar that they have sensibly used their current allocations in order to obtain new blocks of unassigned space. Generally, this is when you will hear the cries of "Oh no, the Internet is running low on available IPv4 space! Panic!".

Finally, your worm theory is just wrong. Yes, it decreases the probability of hitting an exploitable host, but it increases the depth to which the worm can scan. What I mean by this is that the worm will be able to scan in to people's private networks if NAT and firewalling are not used. If rules are not explicitly put in place to protect your home IPv6 LAN, then worms will be able to scan all hosts from the outside.

How many people put up a NAT/PAT box or a firewall, and then think they're perfectly safe from the outside? Most networks conform to the Twinkie theory -- crunchie on the outside and soft and squidgy in the middle. Chances are that an IPv6 home lan would be totally unprotected once on the inside. If this inside is exposed to the Internet then the chances of remote exploitation increase dramatically in my opinion.