IPv6 for the Linksys WRT54G

AndersBrownworth writes "Earthlink Research and Development has released a firmware load for the Linksys WRT54G wireless access point that supports end-to-end IPv6. They suggest features such as extremely large address space, stateless autoconfiguration and low cost restoration of end-to-end addressability will revolutionize IP communications. It would be interesting if releases like this significantly boost the IPv6 take-up rate but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet."

WRT54G is an awesome piece of hardware

[LiNKz]

With the firmware being so easily changed, you can run just about anything on it.

I mean, I telnet into mine right now and review settings.. Which I love.

There is a list of firmware at wikipedia:
http://en.wikipedia.org/wiki/WRT54G

Re:WRT54G is an awesome piece of hardware

[87C751]

...I telnet into mine right now ...

You misspelled ssh. HTH

Re:WRT54G is an awesome piece of hardware

[Qzukk]

I telnet into his too, though I just capture his traffic.

How does this increase adoption rate?

[eln]

Plenty of devices and operating systems fully support IPv6, but that doesn't mean anyone uses it. With things like widespread usage of NAT making the IP availability crunch less and less of a problem, there is no real incentive for the average user to convert to IPv6.

Does anyone support IPV6?

[couch_warrior]

For the great unwashed masses, using IPV6 will mean that:
1) Their ISP supports it
2) The Windoze protocol stack uses it.
I know that Linux on my machine has an IPV6 stack available, but do any commercial ISPs deliver connectivity? It isn't exactly something they put in their TV ads.

Re:Does anyone support IPV6?

You can get IPv6 tunnels (some free, although you need to prove you're a real person and send in ID stuff), so if that works with this new firmware, that's an option.

As for ISPs, I've only actually seen one U.S. backbone company that actually claims to support IPv6, NTT (which has a lot of experience from Japan--IPv6 rollout in other countries with less IPv4 space/more mobile devices is farther along). Before end user ISPs can provide IPv6, we'll need the big backbone companies to provide IPv6 to their customers.

Heck, I find it hard to even get IPv6 colocation service for hosting IPv6-accessible services. On the upside, Speakeasy has been planning on rolling out an IPv6 service, although I've heard they've run into delays getting their network up.

Re:Does anyone support IPV6?

[Wesley+Felter]

You don't need any ISP support if you use 6to4.

Windows supports IPv6 already, although not perfectly.

The ThreeDegrees P2P app automatically enables and configures IPv6 when you install it, and all its traffic goes over IPv6. It turned out not to be a killer app, but imagine if something like Kazaa or Skype decided to enable IPv6 on everyone's computer.

Re:Does anyone support IPV6?

[thanasakis]

Windows does indeed support ipv6. Just typing ipv6 install at the command prompt just about does it if you want to enable it. It sets up your 6to4 tunnel too if you don't have native ipv6. Plus, windows are ahead because their ipsec stack does work. In linuxland, ipsec is supposed to be implemented by openswan, but last time I checked it was sort of incomplete and configuration was somewhat difficult.

On the other hand, most pppd daemons in solaris,freebsd and linux support ipv6. Windows will support ipv6 ppp in longhorn.

Great!

[s20451]

I really need that new address space. I mean, there are only 16842752 addresses in the 10.x.x.x and 192.168.x.x address spaces. With the 15 million wireless devices I keep in my home, I was starting to get worried!

Re:Great!

[fo0bar]

Don't forget about 172.x

Don't forget that you are overlapping with public space if you use all of "172.x". Private space in the Class B range is only 172.16.0.0/12, or 172.16.0.0 - 172.13.255.255 (which is 1048576 IPs).

Wow.

[krisp]

OpenWRT has had this for what, a year now?

ipkg install kernel-ipv6
modprobe ipv6
ip tunnel add .... etc

this isn't news

They do if you ask for it...

[Supp0rtLinux]

I use Earthlink and saw a link on their site about 6 months back for "testers" of their broadband offerings. I signed up cause it offered discount service. About 3 months ago, they sent me a new router (a Linksys, but not the same one as this article) and set me up with end-to-end IPv6. So far, all's worked fine and w/o issue. Perhaps this firmware patch is to be released before they start offering it to more users...

IPv6 incremental support won't help

[jquiroga]

Some people think incremental steps like this will somehow help IPv6 rollout worldwide. I think that is a completely different problem, and very hard to solve. Any volunteers to solve the hard and difficult problem?

The best description I know about The Problem comes from Dan Bernstein, The IPv6 mess.

The IPv6 designers don't have a transition plan. They've taken some helpful steps, but they typically declare success (``IPv6 support'') when the real problem---making public IPv6 addresses work just as well as public IPv4 addresses---still hasn't been solved.

Re:IPv6 incremental support won't help

[mellon]

Dan does mention some real problems on the page to which you've linked, and I agree with some of his criticisms of the IPv6 process, where a lot has been invented prior to identifying a need for it, and in many cases all of this theoretical invention has wasted valuable time and opportunity.

However, a lot of what he says is quite out of date at this point. Furthermore, he complains that he's willing to hack but wants to be able to autoconfigure his hosts, and the implication is that he would hack if only he were told what to hack on, which frankly doesn't sound like the Dan we've all grown to know and love in the DNS world. If he really wants to fix these problems, the best way to show what the big bad people at IETF are doing wrong is to demonstrate it with working code.

The fact is that right now having an IPv6 address doesn't get you a whole lot of goodness in the U.S., and so we probably will be the last to adopt it if everybody here maintains your attitude.

IPv6 deployment in Asia is a reality, and to a lesser extent this is true in Europe as well. Anywhere where the IP infrastructure is being expanded is an easy place to deploy IPv6. 6to4 gateways are doable, just as are NATs. So you will see widespread deployment of IPv6 in Asia in the relatively near term.

As far as the U.S. and Europe go, slashdotters are precisely the people who should be thinking about trying to use IPv6 as soon as possible - as geeks, we are the early adopters, and as we try out the technology and try to use it, the world will catch up with us. The more we poo-poo it and don't try to actually deploy it, the longer it's going to take to address the concerns that Dan raises, and, I think, the more it's going to cost us in the long run.

One last thing: IPv4 link local addressing is fairly badly broken. If you want to be able to do link local addressing, it works a lot better in V6-land. This is largely an accident - nobody thought to cripple it until it was too late. But it's still true that you do get some value from deploying IPv6, even if only within your own home. If you use Rendesvous/Bonjour, you're probably already using IPv6 and just don't know it yet.

Re:IPv6 incremental support won't help

[jquiroga]

You're right in the technical aspects, but I believe the big problem isn't technical.

I agree with Dan in these two:

• The big mistake was not to extend IPv4 to make it easier for normal users to adopt the New Way.
• The problem that the previous mistake caused is that most normal users are deadlocked, all of them waiting for the others to adopt the New Way first.

That's why I think this discussion is quite relevant, especially if you expect IPv6 to finally enter the mainstream. It seems the mainstream is deadlocked. That won't be solved by pitching the technology, they don't care. They are sensitive to economic arguments and to marketing, and both are stacked against IPv6.

I post from Europe, and we've been enticed and encouraged to adopt IPv6 for years. However, it remains exotic for most techies and almost completely unknown to normal users. Why? Because IPv4 already won. Even if I decide to embrace IPv6 myself, I can't recommend it to paying clients who hire me to help them avoid dumb mistakes. The adoption of a new technology to do the job of an existing and deployed old technology that seems to work OK, and a real expense to get some unknown benefit with no timeframe will look like a dumb mistake to many of them. And I can't change their short-term way of thinking.

Why IPv6 is needed

[Jimmy_B]

This thread will of course trigger a bunch of replies from people saying we don't need IPv6, but in fact, we do, badly, and the need is only increasing with time.

NAT helps somewhat, but if you're using NAT your computer can't receive incoming connections. That's a problem for servers, for peer-to-peer networking, for games, and for VoIP. Home users can usually work around this with their firewall configuration, but businesses usually can't (one important reason being that only one computer behind the firewall can receive connections this way, not multiple). And, as someone pointed out in the last IPv6-related thread, merging the networks of two corporations is a nightmare - they both use the same IP addresses.

There are theoretically 4 billion IP addresses total. That sounds like a lot, but an IP address isn't just a number which can be assigned individually; what you do is hand out big consecutive blocks of them, so that routers can say things like "for 123.231.*.*, send packets in this direction". The shortage of IP addresses has introduced lots of special cases, so that internet routers need tons of memory and processing power to figure out the mess.

Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) is about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never find a single computer, and get disinfected.

Re:Why IPv6 is needed

[tyagiUK]

I have to disagree.

Firstly, most VoIP architectures currently look to SIP proxies for segmentation between the operator's network and the user agent or equipment. A SIP proxy is basically just an application-layer gateway. This type of software is being incorporated in to many of the forthcoming customer premises equipment. Therefore, if your application layer gateway is at the edge of your network, proxying incoming and outgoing SIP requests, what does having end-to-end IPv6 buy you?

Secondly, despite evidence of a shortage of IPv4 addresses, there is some confusion over what this really means. There is a shortage of AVAILABLE IPv4 addresses. This is distinctly different from having a shortage of UNALLOCATED IPv4 addresses. Basically, many telcos, ISPs and large institutions are sitting on some very large blocks of address space. This address space was handed out readily in the 1990s because demand (i.e the dotcom boom) wasn't anticipated.
Due to certain organisations receiving such large allocations, there was little or no control over how this resource was allocated to their networks. The result of this is highly wasteful allocation, some still using classful addressing (so summarising subnets on classful boundaries such as 255.255.255.0 or 255.255.0.0, /24 or /16). A similar problem exists where organisations have gradually learned about HOW to allocated public address space. In some cases, large portions of significant allocated blocks are wasted on infrastructure, customer link connections and some other, unnecessarily wasteful applications.

Many of these places could actually go back over their allocated address ranges and re-claim huge chunks. All it requires is a motivation to do so and the time and resource to plan and execute it. At the moment, the motivation is rarely there and organisations would generally prioiritise such activity at the bottom of a long list of things to do.

The problem arises when they are required to demonstrate to their regional registrar that they have sensibly used their current allocations in order to obtain new blocks of unassigned space. Generally, this is when you will hear the cries of "Oh no, the Internet is running low on available IPv4 space! Panic!".

Finally, your worm theory is just wrong. Yes, it decreases the probability of hitting an exploitable host, but it increases the depth to which the worm can scan. What I mean by this is that the worm will be able to scan in to people's private networks if NAT and firewalling are not used. If rules are not explicitly put in place to protect your home IPv6 LAN, then worms will be able to scan all hosts from the outside.

How many people put up a NAT/PAT box or a firewall, and then think they're perfectly safe from the outside? Most networks conform to the Twinkie theory -- crunchie on the outside and soft and squidgy in the middle. Chances are that an IPv6 home lan would be totally unprotected once on the inside. If this inside is exposed to the Internet then the chances of remote exploitation increase dramatically in my opinion.

IPv6 - solution without a problem?

[lheal]

Is IPv6 a tool looking for a job to do?

It's not a chicken-and-egg thing, where everyone would do it if there were only the infrastructure, but there's no infrastructure because no one's doing it yet. At least, it doesn't seem that way to me.

IPv6 came about when the Internet exploded in the early 90's. Folks looked at the address space and said "Hey, we're running out of room!"

The solution in IPv6 was to use 128-bit addresses instead of 32-bit ones, and to design the next gen of protocols using the lessons learned from the previous one. TCP/IPv4 was designed in an era when security was not in as much focus as it is now.

It seems like about two minutes after IPv6 began to be developed, the world discovered NAT and firewalls. We'd always had routers with private networks, but NAT made it possible for mortals to set up. A whole company with thousands or millions of IP addresses can be hidden behind a very small set of IPv4 addresses.

That solution has worked so well that few feel the need to use IPv6.

I wonder what will happen to force the issue?

Re:MOD PARENT UP +5 Slashbot

[Sponge+Bath]

MOD PARENT UP +5 Slashbot

If I'm gonna give up some of my mod points,
the poster better be a hookerbot with a bag of cheetos.

6to4 anycast router

[Dolda2000]

It would be interesting if releases like this significantly boost the IPv6 take-up rate but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet.

Have you tried checking if they support the IPv4-to-IPv6 anycast router address 192.88.99.1? If they do, you can set up a 6to4 tunnel Real Easy (R).

Just set up an IPv6 tunnel (Linux SIT tunnels support this natively), and point it to 192.88.99.1 to send to non-6to4 addresses. Other 6to4 destinations will be auto-tunnelled with IPv6-over-IPv4, and any IPv6 packets sent to you will also be automatically routed over IPv6-over-IPv4 by the Internet. Therefore, there's no need to set up a tunnel with a third party if you're using 6to4.

Fedora Core supports 6to4 more or less out-of-the-box. All you need to do are two things:
1. Add these lines to /etc/sysconfig/network (why does Slashdot split the lines?):

NETWORKING_IPV6=yes
IPV6FORWARDING=yes
IPV6_DEFA ULTDEV=tun6to4

2. Add these lines to the /etc/sysconfig/ifcfg-* describing your outbound interface:

IPV6INIT=yes
IPV6TO4INIT=yes