IPv6 for the Linksys WRT54G

AndersBrownworth writes "Earthlink Research and Development has released a firmware load for the Linksys WRT54G wireless access point that supports end-to-end IPv6. They suggest features such as extremely large address space, stateless autoconfiguration and low cost restoration of end-to-end addressability will revolutionize IP communications. It would be interesting if releases like this significantly boost the IPv6 take-up rate but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet."

WRT54G is an awesome piece of hardware

[LiNKz]

With the firmware being so easily changed, you can run just about anything on it.

I mean, I telnet into mine right now and review settings.. Which I love.

There is a list of firmware at wikipedia:
http://en.wikipedia.org/wiki/WRT54G

Re:WRT54G is an awesome piece of hardware

[87C751]

...I telnet into mine right now ...

You misspelled ssh. HTH

Re:WRT54G is an awesome piece of hardware

[Qzukk]

I telnet into his too, though I just capture his traffic.

Re:WRT54G is an awesome piece of hardware

[Proc6]

That does rock, I rarely have access to a web browser.

How does this increase adoption rate?

[eln]

Plenty of devices and operating systems fully support IPv6, but that doesn't mean anyone uses it. With things like widespread usage of NAT making the IP availability crunch less and less of a problem, there is no real incentive for the average user to convert to IPv6.

Re:How does this increase adoption rate?

[3.1415926535]

Yes, but NAT breaks a lot of other things like, say, incoming connections. It'll be really nice to not have to connect to the router, forward a port, and then lose all of your existing connections while the router reboots.

Re:How does this increase adoption rate?

[malraid]

Yep, that's exactly why the ISP don't want IPv6. Incomming connections?? No way!! Leave that to more expensive plans with public IPv4 addresses. Incomming connections for things like Bittorrent and other p2p programs?? No way!! Better keep the users behind a NAT to keep bandwidth use low.

Re:How does this increase adoption rate?

[FrankSchwab]

Yeah, it does a great job of breaking all those incoming connections from, say, the 1000 worms traversing the internet as well. I'll stick with having to configure my router to forward a port, thank you.

Re:How does this increase adoption rate?

[jsoderba]

You never heard of firewalls? A firewall is much easier to configure than a NAT network.

Does anyone support IPV6?

[couch_warrior]

For the great unwashed masses, using IPV6 will mean that:
1) Their ISP supports it
2) The Windoze protocol stack uses it.
I know that Linux on my machine has an IPV6 stack available, but do any commercial ISPs deliver connectivity? It isn't exactly something they put in their TV ads.

Re:Does anyone support IPV6?

You can get IPv6 tunnels (some free, although you need to prove you're a real person and send in ID stuff), so if that works with this new firmware, that's an option.

As for ISPs, I've only actually seen one U.S. backbone company that actually claims to support IPv6, NTT (which has a lot of experience from Japan--IPv6 rollout in other countries with less IPv4 space/more mobile devices is farther along). Before end user ISPs can provide IPv6, we'll need the big backbone companies to provide IPv6 to their customers.

Heck, I find it hard to even get IPv6 colocation service for hosting IPv6-accessible services. On the upside, Speakeasy has been planning on rolling out an IPv6 service, although I've heard they've run into delays getting their network up.

Re:Does anyone support IPV6?

[Wesley+Felter]

You don't need any ISP support if you use 6to4.

Windows supports IPv6 already, although not perfectly.

The ThreeDegrees P2P app automatically enables and configures IPv6 when you install it, and all its traffic goes over IPv6. It turned out not to be a killer app, but imagine if something like Kazaa or Skype decided to enable IPv6 on everyone's computer.

Re:Does anyone support IPV6?

[thanasakis]

Windows does indeed support ipv6. Just typing ipv6 install at the command prompt just about does it if you want to enable it. It sets up your 6to4 tunnel too if you don't have native ipv6. Plus, windows are ahead because their ipsec stack does work. In linuxland, ipsec is supposed to be implemented by openswan, but last time I checked it was sort of incomplete and configuration was somewhat difficult.

On the other hand, most pppd daemons in solaris,freebsd and linux support ipv6. Windows will support ipv6 ppp in longhorn.

Re:Does anyone support IPV6?

[Metasquares]

Admittedly, to my surprise, the Windows protocol stack does support it, at least in XP. Open a DOS prompt and type "ipv6 install" to enable it. Of course, this isn't default, so the "great unwashed masses" still won't be using it.

Re:Does anyone support IPV6?

[techfury90]

It's been in mac os x since panther as well.

Great!

[s20451]

I really need that new address space. I mean, there are only 16842752 addresses in the 10.x.x.x and 192.168.x.x address spaces. With the 15 million wireless devices I keep in my home, I was starting to get worried!

Re:Great!

[mikewren420]

Don't forget about 172.x

Re:Great!

[fo0bar]

Don't forget about 172.x

Don't forget that you are overlapping with public space if you use all of "172.x". Private space in the Class B range is only 172.16.0.0/12, or 172.16.0.0 - 172.13.255.255 (which is 1048576 IPs).

Re:Great!

[fo0bar]

I think you mean 172.16.0.0 - 172.31.255.255

No, I mean the range starts at 172.16.0.0, goes up to 255.255.255.255, wraps around to 0.0.0.0, and continues to 172.13.255.255.

(Thanks)

Wow.

[krisp]

OpenWRT has had this for what, a year now?

ipkg install kernel-ipv6
modprobe ipv6
ip tunnel add .... etc

this isn't news

Re:Wow.

[caluml]

But when is Slashdot going to get some IPv6?
Call themselves a site for geeks?

They do if you ask for it...

[Supp0rtLinux]

I use Earthlink and saw a link on their site about 6 months back for "testers" of their broadband offerings. I signed up cause it offered discount service. About 3 months ago, they sent me a new router (a Linksys, but not the same one as this article) and set me up with end-to-end IPv6. So far, all's worked fine and w/o issue. Perhaps this firmware patch is to be released before they start offering it to more users...

MOD PARENT UP +5 Slashbot

[badboy_tw2002]

Lets tally it up... +1 - Elitism in the terms of your superior computer knowledge vs. whatever else they do, the irony being the average Slashdotter's hygiene is probably somewhat below your "unwashed masses" +1 - Use a clever name in reference to Microsoft or its OS. +1 - Mention you use Linux. +1 - Mention you are ahead of even the elite Linux crowd by doing something special (IPv6, hand compiling kernel code would also have applied here.) Total: +4. Summary: Mod Parent Up! The comrade speaks the truth!

Re:MOD PARENT UP +5 Slashbot

[Sponge+Bath]

MOD PARENT UP +5 Slashbot

If I'm gonna give up some of my mod points,
the poster better be a hookerbot with a bag of cheetos.

IPv6 incremental support won't help

[jquiroga]

Some people think incremental steps like this will somehow help IPv6 rollout worldwide. I think that is a completely different problem, and very hard to solve. Any volunteers to solve the hard and difficult problem?

The best description I know about The Problem comes from Dan Bernstein, The IPv6 mess.

The IPv6 designers don't have a transition plan. They've taken some helpful steps, but they typically declare success (``IPv6 support'') when the real problem---making public IPv6 addresses work just as well as public IPv4 addresses---still hasn't been solved.

Re:IPv6 incremental support won't help

[mellon]

Dan does mention some real problems on the page to which you've linked, and I agree with some of his criticisms of the IPv6 process, where a lot has been invented prior to identifying a need for it, and in many cases all of this theoretical invention has wasted valuable time and opportunity.

However, a lot of what he says is quite out of date at this point. Furthermore, he complains that he's willing to hack but wants to be able to autoconfigure his hosts, and the implication is that he would hack if only he were told what to hack on, which frankly doesn't sound like the Dan we've all grown to know and love in the DNS world. If he really wants to fix these problems, the best way to show what the big bad people at IETF are doing wrong is to demonstrate it with working code.

The fact is that right now having an IPv6 address doesn't get you a whole lot of goodness in the U.S., and so we probably will be the last to adopt it if everybody here maintains your attitude.

IPv6 deployment in Asia is a reality, and to a lesser extent this is true in Europe as well. Anywhere where the IP infrastructure is being expanded is an easy place to deploy IPv6. 6to4 gateways are doable, just as are NATs. So you will see widespread deployment of IPv6 in Asia in the relatively near term.

As far as the U.S. and Europe go, slashdotters are precisely the people who should be thinking about trying to use IPv6 as soon as possible - as geeks, we are the early adopters, and as we try out the technology and try to use it, the world will catch up with us. The more we poo-poo it and don't try to actually deploy it, the longer it's going to take to address the concerns that Dan raises, and, I think, the more it's going to cost us in the long run.

One last thing: IPv4 link local addressing is fairly badly broken. If you want to be able to do link local addressing, it works a lot better in V6-land. This is largely an accident - nobody thought to cripple it until it was too late. But it's still true that you do get some value from deploying IPv6, even if only within your own home. If you use Rendesvous/Bonjour, you're probably already using IPv6 and just don't know it yet.

Re:IPv6 incremental support won't help

[jquiroga]

You're right in the technical aspects, but I believe the big problem isn't technical.

I agree with Dan in these two:

• The big mistake was not to extend IPv4 to make it easier for normal users to adopt the New Way.
• The problem that the previous mistake caused is that most normal users are deadlocked, all of them waiting for the others to adopt the New Way first.

That's why I think this discussion is quite relevant, especially if you expect IPv6 to finally enter the mainstream. It seems the mainstream is deadlocked. That won't be solved by pitching the technology, they don't care. They are sensitive to economic arguments and to marketing, and both are stacked against IPv6.

I post from Europe, and we've been enticed and encouraged to adopt IPv6 for years. However, it remains exotic for most techies and almost completely unknown to normal users. Why? Because IPv4 already won. Even if I decide to embrace IPv6 myself, I can't recommend it to paying clients who hire me to help them avoid dumb mistakes. The adoption of a new technology to do the job of an existing and deployed old technology that seems to work OK, and a real expense to get some unknown benefit with no timeframe will look like a dumb mistake to many of them. And I can't change their short-term way of thinking.

Well, since China, India, and Japan are going IPv6

[WillAffleckUW]

it really doesn't matter how slow NAm and EU are in changing, because most of humanity will be using IPv6 regardless.

You either surf the wave or it crashes over you. .-/

Why IPv6 is needed

[Jimmy_B]

This thread will of course trigger a bunch of replies from people saying we don't need IPv6, but in fact, we do, badly, and the need is only increasing with time.

NAT helps somewhat, but if you're using NAT your computer can't receive incoming connections. That's a problem for servers, for peer-to-peer networking, for games, and for VoIP. Home users can usually work around this with their firewall configuration, but businesses usually can't (one important reason being that only one computer behind the firewall can receive connections this way, not multiple). And, as someone pointed out in the last IPv6-related thread, merging the networks of two corporations is a nightmare - they both use the same IP addresses.

There are theoretically 4 billion IP addresses total. That sounds like a lot, but an IP address isn't just a number which can be assigned individually; what you do is hand out big consecutive blocks of them, so that routers can say things like "for 123.231.*.*, send packets in this direction". The shortage of IP addresses has introduced lots of special cases, so that internet routers need tons of memory and processing power to figure out the mess.

Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) is about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never find a single computer, and get disinfected.

Re:Why IPv6 is needed

[TCM]

Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) is about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never find a single computer, and get disinfected.

This might be true, but you can't make claims like "IPv6 prevents worm spreading" or that IPv6 "cuts off one of the major ways worms propagate". The effect might be the same, but relying on it would be security by obscurity. The only secure way is to secure the boxes, not "hide" them in vast address space.

Re:Why IPv6 is needed

[tyagiUK]

I have to disagree.

Firstly, most VoIP architectures currently look to SIP proxies for segmentation between the operator's network and the user agent or equipment. A SIP proxy is basically just an application-layer gateway. This type of software is being incorporated in to many of the forthcoming customer premises equipment. Therefore, if your application layer gateway is at the edge of your network, proxying incoming and outgoing SIP requests, what does having end-to-end IPv6 buy you?

Secondly, despite evidence of a shortage of IPv4 addresses, there is some confusion over what this really means. There is a shortage of AVAILABLE IPv4 addresses. This is distinctly different from having a shortage of UNALLOCATED IPv4 addresses. Basically, many telcos, ISPs and large institutions are sitting on some very large blocks of address space. This address space was handed out readily in the 1990s because demand (i.e the dotcom boom) wasn't anticipated.
Due to certain organisations receiving such large allocations, there was little or no control over how this resource was allocated to their networks. The result of this is highly wasteful allocation, some still using classful addressing (so summarising subnets on classful boundaries such as 255.255.255.0 or 255.255.0.0, /24 or /16). A similar problem exists where organisations have gradually learned about HOW to allocated public address space. In some cases, large portions of significant allocated blocks are wasted on infrastructure, customer link connections and some other, unnecessarily wasteful applications.

Many of these places could actually go back over their allocated address ranges and re-claim huge chunks. All it requires is a motivation to do so and the time and resource to plan and execute it. At the moment, the motivation is rarely there and organisations would generally prioiritise such activity at the bottom of a long list of things to do.

The problem arises when they are required to demonstrate to their regional registrar that they have sensibly used their current allocations in order to obtain new blocks of unassigned space. Generally, this is when you will hear the cries of "Oh no, the Internet is running low on available IPv4 space! Panic!".

Finally, your worm theory is just wrong. Yes, it decreases the probability of hitting an exploitable host, but it increases the depth to which the worm can scan. What I mean by this is that the worm will be able to scan in to people's private networks if NAT and firewalling are not used. If rules are not explicitly put in place to protect your home IPv6 LAN, then worms will be able to scan all hosts from the outside.

How many people put up a NAT/PAT box or a firewall, and then think they're perfectly safe from the outside? Most networks conform to the Twinkie theory -- crunchie on the outside and soft and squidgy in the middle. Chances are that an IPv6 home lan would be totally unprotected once on the inside. If this inside is exposed to the Internet then the chances of remote exploitation increase dramatically in my opinion.

Re:Why IPv6 is needed

[pHDNgell]

NAT is a "Good Thing"(tm) because most machines shouldn't have incoming access from outside their LAN. The inconvenience of manually mapping incoming packets forwarding far outweights the blatant lack of security. And god knows our networks are insecure enough already.

NAT stands for ``Network Address Translation'' not ``Stateful Firewall.'' I will never understand why people confuse these things so easily.

Re:Why IPv6 is needed

[asdfghjklqwertyuiop]

What confusion? NAT or no NAT, you don't want incoming connections routed to a bunch of different addresses on your network.

The confusion is that a lot of people think NAT is what is causing their network to be secure. It is not. The firewall is. You can take away the NAT and leave the firewall and your network will be just as secure.

Re:Why IPv6 is needed

[TCM]

When IPv6 comes and I have my own address I may have to buy an IPv6 NAT box just for safety's sake.

WTF? See if you can make something out of the following two lines:

block in from any to any
pass out from any to any keep state

NAT for IPv6 is the most stupid thing I've seen today.

Re:Why IPv6 is needed

[TheRaven64]

No, internet routers need power to ROUTE A LOT OF PACKETS. This has nothing to do with IPv6.

Not quite true (well, true, but misleading). IP addresses were designed to be handed out hierarchically, which made routers very simple. Now, IP addresses are handed out in blocks of 256, in a relatively arbitrary way, making the routing tables much larger than they should be. With IPv6, we will have enough IP addresses to assign them hierarchically again, and still have a few million per person.

Now this is just nonsense!

Again, not quite. A lot of worms propagate by simply scanning the IP address space. Because of how densely packed it is, they only need to scan a hundred or so to be guaranteed to find a host (usually a lot less). With IPv6, they would have to scan millions of IP addresses before they found one that was valid. A machine trying to connect to a million non-existent IP addresses is very easy to spot.

IPv6 - solution without a problem?

[lheal]

Is IPv6 a tool looking for a job to do?

It's not a chicken-and-egg thing, where everyone would do it if there were only the infrastructure, but there's no infrastructure because no one's doing it yet. At least, it doesn't seem that way to me.

IPv6 came about when the Internet exploded in the early 90's. Folks looked at the address space and said "Hey, we're running out of room!"

The solution in IPv6 was to use 128-bit addresses instead of 32-bit ones, and to design the next gen of protocols using the lessons learned from the previous one. TCP/IPv4 was designed in an era when security was not in as much focus as it is now.

It seems like about two minutes after IPv6 began to be developed, the world discovered NAT and firewalls. We'd always had routers with private networks, but NAT made it possible for mortals to set up. A whole company with thousands or millions of IP addresses can be hidden behind a very small set of IPv4 addresses.

That solution has worked so well that few feel the need to use IPv6.

I wonder what will happen to force the issue?

Re:IPv6 - solution without a problem?

[cdwiegand]

Well, except that in my network here at work (~25 machines), I want IPv6. Why? Because we run about 8 servers (some of those internal only, true, but we want to expose them to employees from home, and an extranet), 14 desktops, and a few laptops. Plus VPN users. And I get to do all of this on 5 public IPs. I have to use NAT. Don't even talk to me about FTP - even with the right module, some sites won't talk to us still. But with IPv6, I can drop the NAT, just go back to the firewall being a firewall. Everyone's machine will get an address, and I can expose the servers without having to use lots of rules for port forwarding. Not to mention the security stuff, that should help remove the need for a VPN (assuming that at some point there's an extension to iptables to allow me to drop if the security bit isn't set...)

Re:IPv6 - solution without a problem?

[Jugalator]

Is IPv6 a tool looking for a job to do?

IPv6 is often simplified to one feature: increased address space. Then the matter with NAT is brought up, which is not a very good solution for reasons mentioned numerous times elsewhere in these comments. Here are some more features of it to consider:

- IPv4 has optional support for end-to-end encryption via IPSec. In IPv6 it's mandatory.

- IPv6 doesn't require manual configuration or DHCP.

- IPv6 support QoS by router.

- IPv6 routers doesn't fragment packets like in IPv4, for clearly more efficient (faster and less processing requirements) packet routing.

- IPv6 streamlines packet sizes by extension headers.

- IPv6 has enhanced neighbor discovery features by multicast instead of broadcasted ARP messages. ICMPv6 has new messages to find best default gateways, that aren't optional like the ICMPv4 Router Discovery. These features should give an enhanced ad hoc connectivity experience for the users.

- IPv6 doesn't necessarily send broadcast messages to all nodes on a subnet, but uses more intelligent local scopes.

Breaking the cycle

[whitis]

This could be useful for breaking the cycle that prevents adoption of IPv6. ISPs don't provide service because there isn't enough user demand. Users don't demand it in part because a lot of software would break. And software developers don't provide IPv6 support because their ISP doesn't support IPv6. Yes, you can configure tunneling software but if you are behind a NATing and Firewalling router, there are likely to be some problems and by the time you are done configuring it, you don't have time to work on the software; this project actually replaces a commonly used router with one that enables IPv6 rather than getting in the way. And likewise, most people can't really switch to IPv6 only until almost everyone supports IPv6. So, this could help provide critical mass.

The web page is pretty vague about what is actually going on under the hood. Presumably this distribution creates a tunnel to some IPv6 relay router but what gateway or tunneling protocol is used is not specified.

"just about anything" is right!

[phigga]

Ever tried putting Asterisk on one? It's sweet!

I like my WRAP

[TCM]

The WRT54G might be a nice piece of hardware. But I still like my WRAP more. It has a Compact Flash slot and, most importantly, a serial port.

I find a WRT54G extremely cumbersome to use without a low level access port and the danger of wrecking the device by uploading a wrong firmware.

With the WRAP, I can prepare "firmware" images on an extra computer, I can even test-boot them in a virtual machine and then transfer them straight to a CF card knowing that there is no way the device will ever get inoperable due to a bad OS image (except flashing a wrong BIOS, which sits in a separate area outside of any compact flash card).

Speaking of BIOS, there even is a BIOS update for WRAP with included Etherboot to boot an OS over the net, yay!

Re:Well, since China, India, and Japan are going I

[IntergalacticWalrus]

You're underestimating the power of inertia in the US. Remember that this is a country that still doesn't recognize the metric system!

6to4 anycast router

[Dolda2000]

It would be interesting if releases like this significantly boost the IPv6 take-up rate but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet.

Have you tried checking if they support the IPv4-to-IPv6 anycast router address 192.88.99.1? If they do, you can set up a 6to4 tunnel Real Easy (R).

Just set up an IPv6 tunnel (Linux SIT tunnels support this natively), and point it to 192.88.99.1 to send to non-6to4 addresses. Other 6to4 destinations will be auto-tunnelled with IPv6-over-IPv4, and any IPv6 packets sent to you will also be automatically routed over IPv6-over-IPv4 by the Internet. Therefore, there's no need to set up a tunnel with a third party if you're using 6to4.

Fedora Core supports 6to4 more or less out-of-the-box. All you need to do are two things:
1. Add these lines to /etc/sysconfig/network (why does Slashdot split the lines?):

NETWORKING_IPV6=yes
IPV6FORWARDING=yes
IPV6_DEFA ULTDEV=tun6to4

2. Add these lines to the /etc/sysconfig/ifcfg-* describing your outbound interface:

IPV6INIT=yes
IPV6TO4INIT=yes

Re:Well, since China, India, and Japan are going I

[WillAffleckUW]

You're underestimating the power of inertia in the US. Remember that this is a country that still doesn't recognize the metric system!

Doesn't matter. We already converted over in science, in manufacturing, and in retail.

Why do you think it's 8.5 ounces when you buy a carton? It's actually a metric measurement - we just pretend it isn't for the consumer.

MOD PARENT UP!

[swillden]

NAT stands for ``Network Address Translation'' not ``Stateful Firewall.'' I will never understand why people confuse these things so easily.

You, sir, have hit the nail on the head.

What people like about NAT boxes from a security perspective is that they must implement a particular sort of stateful firewalling in order to do their job. But a very simple stateful firewall accomplishes *exactly* the same security task without the limitations of NAT.

Re:Earthlink sucks

[rekoil]

Covad actuallly provides what you would call "Layer 2" connectivity between their equipment at the local telco's CO and the ISP's equipment using ATM. The ISP will provision both upstream connectivity to the internet and then an ATM trunk to Covad, who feeds all of that ISP's customers terminating at their DSLAMs (where your copper pair is split off to) at the various LEC's central offices and "concentrates" them using ATM PVCs (permanent virtual circuits) onto to the ISP's trunk. The ISP then feeds the data between the internet pipes and the ATM trunk.

IPv6 For Beginners, A Guide

[jd]

I was one of the Early Adopters of IPv6 in England - my site was the first listed in the UK (by 1 day) and ran under Linux 2.4.20 with the experimental IPv6 patches and a whole bunch of NRL software ported to Linux.

IPv6 is an attempt to re-engineer the IP protocol to solve a number of problems, but exactly how it does so has shifted a few times over the course of time. Here is a summary of what it does, why it matters, and what it means to the newcommer:

• IPv6 has more addresses. Many, many, many more addresses.
  
  • This matters for three reasons. Firstly, it makes it possible to reliably auto-configure the network, without an administrator watching to make sure DHCP hasn't screwed up.
    
  • This is because the last 48 bits of the address are the MAC address on your network card, which guarantees that nobody else will have that same address. The initial part is purely identifiers for what network you are on.
    
  
  
• Secondly, it means that networks can be organized on a heirarchical basis, which means that routers have simpler routing tables, which means that there's less lookup time and therefore less latency
  
• Thirdly, it means that true mobility is possible. Because the last 48 bits are a unique identifier, the network is capable of tracking mobile users as they migrate through the network, forwarding packets to them, so connections are sustained.
  

IPv6 is a simpler, heirarchical protocol

• This also offers three key benefits. Firstly, because the header isn't stuffed with every possible flag and variable for every possible contingency, it is faster to process and therefore there's less latency in assembling and processing them at each end, which makes for a faster connection.
  
• Secondly, because you can extend the header for new, specialist, types of application, IPv6 can absorb new technologies as they come out, without needing major work done. IPv4 has been a real pain, in that regard, needing all kinds of encapsulation and meta-packets to handle newer uses of the Internet.
  
• Thirdly, it means that devices that don't need certain features don't need to implement them, so can get away with simpler and smaller implementations. This is important with PDAs and other other miniature networkable devices, where there isn't the memory to handle anything that isn't vital.
  

IPv6 is automagic

• Firstly, it detects the MTU - the largest packet size - that the connection with a remote machine you are connecting to will support. This means that connections will be adjusted to the capabilities of the network, which should make for more reliable, faster connections.
  
• Secondly, it supports anycasting, where you specify the information you want and the request is forwarded to all nearby servers that can supply it. First one back is the winner. This means you don't need to remember addresses of servers for your ISP, and they are free to do upgrades and maintenance without disrupting users.
  
• Thirdly, it detects available gateways - it doesn't need to be programmed with them manually or even by DHCP - which means that you can connect to multiple ISPs without confusing your machine.
  
• Fourthly, because IPSec is a part of the standard, security is automatic. All your connections will be encrypted, all of the time. Normally, with IPv4, people don't use security if they don't have to. Which means that all the social information perps can use to break encryption quickly is all sent in the clear, and the critical information is easily identifiable - it's the only thing sent via SSL. By encrypting everything, crackers can't use insecure data to crack the secured data - a very common way to crack secured data, by the way.
  

Re:Of course, NAT greater than Firewall,

[TCM]

NAT rewrites addresses, it is not a firewall and it does not provide decent security in itself.