Federal Agencies Must Use IPv6 by 2008

← Back to Stories (view on slashdot.org)

Federal Agencies Must Use IPv6 by 2008

Posted by Zonk on Friday July 1, 2005 @10:34PM from the quick-turn-over dept.

MoiTominator writes "The White House Office of Management and Budget announced on Wednesday that all federal agencies must deploy IPv6 by June 2008. So far, Defense is the only agency which has made any progress toward implementing the new protocol." From the article: "While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located...For cost, the agencies must report on estimates for planning, infrastructure acquisition, training and risk mitigation."

295 comments

Min score:

Reason:

Sort:

Not ready for Prime Time by Anonymous Coward · 2005-07-01 22:37 · Score: -1, Troll

While IPv6 fixes many problems in IPv4, the developed world will not
embrace IPv6 until many shortcomings in the protocol are addressed.

1. Cisco routers suck at IPv6. Many of cisco's routers use the
router's CPU to process IPv6 packets instead of the fast-path. The
reasons for this are explained in the next few points. While Juniper's
routers are substantially better at IPv6 than cisco's, IT managers are
often restrained by insane corporate policy that dictactes the use of
cisco.

2. There are too many addresses. There are 16.7 million addresses per
square metre of the earth's surface, including the oceans. This is
overkill. The world does not need more than the 4 billion addresses
available with IPv4, and I challenge you to come up with an
application that requires that many. Assuming that you can actually
come up with one, it could easily be solved with Network Address
Translation, or NAT as it is commonly known.

3. IPv6 addresses are too large. An IPv6 address is 128 bits in size -
64 bits of which are reserved for addressing hosts, and 64 bits of
which are reserved for routing. One thing that is cool with IPv6 is
address autoconfiguration. Take your 56-bit MAC address on your
ethernet card, ask for 64-bits of network prefix, bang it together
with EUI-64 and you are set. The problem with a 64-bit network prefix
is that routing tables become massive. Just do the math and you'll see
that extreme amounts of memory are required to hold routing tables.

4. The IPv6 header is too large. An IPv4 header compact at 20 bytes in
length, while the IPv6 is bloated at 40 bytes. That's right people,
each one of your IP packets has twice as much overhead as before.
While this may not sound much, IP networks have a requirement that the
minimum MTU supported must be 576 bytes. That means that where you
might have got 556 bytes of data in your IP packets, you now get 536
bytes. This means that downloading stuff will take 3.4% longer.

Sure, IPv6 allows for nice hacks like those described in this article,
but is it really ready for prime time?
1. Re:Not ready for Prime Time by lw54 · 2005-07-01 22:55 · Score: 3, Interesting
  
  Well, I'll bite.
  
  IPv6 has such a large address pool to allow autoconfiguration of addresses for now and in the future. It basically redifines the whole issue of keeping up with who has which IPs. Just keep up with their network number and autoconfig the rest.
  
  While the addresses may be 4 times the size and the header is twice the size, the header itself can be processed and delivered faster.
2. Re:Not ready for Prime Time by OverlordQ · 2005-07-01 22:56 · Score: 1
  
  Yes because NAT sucks.
  
  --
  Your hair look like poop, Bob! - Wanker.
3. Re:Not ready for Prime Time by Uhlek · 2005-07-01 23:00 · Score: 5, Insightful
  
  Obviously you only read trade mags and know nothing about networking:
  
  1) You're thinking older Cisco equipment. But, the same argument could be made for any number of enterprise/carrier routing vendors. If you have a router/multilayer switch designed for IPv4, you're going to have to either upgrade it with IPv6 ASICs, or replace it completely. That's part of the price of transisition, and there's no way around that.
  
  2) No one with any level of education in the matter says "We're running out of addresses." We're running out of address SPACE. Big difference. The huge class A and B networks issued to large US corporations and the military means those countries who got online later on are losing out. Case in point...I was on the redesign team at a USAF base that had two class B networks -- for 30,000 customers.
  And NAT is only a stopgap. You end up with a massive number of interoperability problems when you start NATing. With IPv6, there simply isn't the need for it, and you remove those problems.
  
  3) Memory and CPU performance hasn't been a major issue with most routers in a long time, especially BGP routers. Massive OSPF networks, yeah, the Dykstra algorithm hits hard, but there are other, less CPU-intensive options like IS-IS, or just design your network right from the ground up and summarize properly.
  
  Again, the problem we're going to run into here is the specialized memory used for wire-speed packet switching. But, if you're doing wire-speed, you're going to have to replace the ASICs anyway, so the TCAM gets replaced too.
  
  4) You're right, minimum MTU size in IPv4 networks is 576 bytes. But that's a difference of 3.5% versus 7%. Not a major issue -- especially since most MTUs are in the range of 1250-1500, or even higher in pure GigE networks.
  
  The road to IPv6 will be bumpy, but the only issue you mentioned with any real weight is the first, and that's an easy one. You just throw money at it.
  
  Where the problem is going to lie is in long-haul data transport, IPv4 interoperability, and legacy application support. The network's the easy part.
4. Re:Not ready for Prime Time by Anonymous Coward · 2005-07-01 23:00 · Score: 0
  
  1 is a valid point: switching to IPv6 is going to be a bitch as far as hardware is concerned.
  
  In reference to 2 & 3, I can't see how you can have too many IP addresses, and network speed has increased by more than enough to deal with IPv6's mildly increased header size.
  
  In reference to 4, the minimum MTU for IPv6 is much larger at 1280 bytes.
5. Re:Not ready for Prime Time by Uhlek · 2005-07-01 23:09 · Score: 2, Informative
  
  Looked up something interesting. Minimum MTU in IPv6 is 1280 bytes. So, now you're talking a difference of 1.5% versus 3.1% (rounded). Even less of a big deal.
6. Re:Not ready for Prime Time by Anonymous Coward · 2005-07-01 23:11 · Score: -1, Troll
  
  Smells like we got a troll in the house.
7. Re:Not ready for Prime Time by knipknap · 2005-07-01 23:12 · Score: 4, Interesting
  
  1) You're thinking older Cisco equipment.
  
  Wrong. Recent IOS releases still have the same problems, they are also quite catastrophic from a usability point of view in comparison with the IPv4 features.
  
  3) Memory and CPU performance hasn't been a major issue with most routers in a long time, especially BGP routers.
  
  This is always an issue, as memory costs money. The global routing table has just passed the RAM barrier a few months ago for many routers; most Cisco routers holding that table now require 512MB minimum route memory. (of course it also depends on what else the router has running, but as a general rule, the mark was hit.)
  
  Either way, IPv6 means more memory and resource requirements, which in turn means a lot of investment with no return. That's why IPv6 will only come when it has become absolutely necessary. Which will take a few years still. So no, it is not "ready for prime time".
8. Re:Not ready for Prime Time by MathFox · 2005-07-01 23:13 · Score: 4, Insightful
  
  1. Cisco routers suck at IPv6.
  Cisco will have to fix that or go dodo...
  2. The world does not need more than the 4 billion addresses available with IPv4.
  Think VOIP: it would be nice if my "Mobile communicator", home PC and work PC could be directly accessed from all over the world. With 6 billion people on earth, I estimate a demand for 18 billion IP addresses.
  3. IPv6 addresses are too large.
  Moore's law: The capacity problems will be solved in a few years. And routers don't need to keep full routing tables (they never did!)
  4. The IPv6 header is too large.
  Network speeds have boomed... 8 Mbit ADSL is affordable and available nearly everywhere in the Netherlands. When you redo your computation with a MTU of 1500 (ethernet), overhead increases by a bit more than a %.
  I see a lot of reasons to go IPv6, especially now China (1.3 billion people) and India (1 billion people) get connected.
  
  --
  extern warranty;
  main()
  {
  (void)warranty;
  }
9. Re:Not ready for Prime Time by Armadni+General · 2005-07-01 23:25 · Score: 2
  
  Somebody really needs to mod this down. This exact comment has been posted multiple times before on Slashdot: Googe results.
10. Re:Not ready for Prime Time by Anonymous Coward · 2005-07-01 23:35 · Score: 1, Interesting
  
  "4) You're right, minimum MTU size in IPv4 networks is 576 bytes. But that's a difference of 3.5% versus 7%. Not a major issue -- especially since most MTUs are in the range of 1250-1500, or even higher in pure GigE networks."
  
  In a world where an ever increasing percentage of IP traffic is streaming, the MTU is becoming irrelevant, and the header size a huge burden.
11. Re:Not ready for Prime Time by Uhlek · 2005-07-01 23:37 · Score: 2, Interesting
  
  I was referring to what is available for purchase, not what's currently deployed. I still work with production Cisco 2501's on occasion, so believe me, I know that the IPv6 transision is not going to be cheap, or easy.
  
  Thing is it'll never be absolutely necessary here in the US, at least not for a long time to come. Enough kludges have been developed for NAT that it's "good enough" for the time being, espeically to IT managers facing the hard choice between sticking with NAT or dumping a metric ass-ton (roughly equivilant to an Imperial crapload) of money into an IPv6 infrastructure.
  
  The "prime time" buzzword has been an excuse for the last few years, even though no one can really give a hard definition of what "prime time" is.
12. Re:Not ready for Prime Time by vidarlo · 2005-07-01 23:47 · Score: 1
  
  This is always an issue, as memory costs money. The global routing table has just passed the RAM barrier a few months ago for many routers; most Cisco routers holding that table now require 512MB minimum route memory. (of course it also depends on what else the router has running, but as a general rule, the mark was hit.)
  While the addresses itself gets longer, the routing tables will become easier. Because it can be consistent routing, i.e all that has 3ffe: goes in that direction, d4ae:f9821: goes in that direction. So I guess you'll se less change in routing table size than you guess. Remember, one of the goals with ipv6 was to minimize routing tables.
  
  --
  Assembling etherkillers for fun an profit
13. Re:Not ready for Prime Time by Anonymous Coward · 2005-07-01 23:53 · Score: 1, Insightful
  
  The grandparent was obviously a pre-rolled troll. I mean, come on, it's huge and it's like the first post.
14. Re:Not ready for Prime Time by fataugie · 2005-07-02 00:01 · Score: 2, Funny
  
  So what you're telling me is, that what is needed here is for some articles to be written and a few people to go on news shows and say how life as we know it will cease to exist, that the Y2K/\/\IPv4 bug will eat us alive. We'll be back in the stone age because our Computer/TV/Radio/can opener with embedded chips/\/\/I mean IPv4 addresses can't possibly function.
  
  --
  
  WTF? Over?
15. Re:Not ready for Prime Time by TheRaven64 · 2005-07-02 00:14 · Score: 2, Interesting
  
  Not to mention the fact that with IPv6 we are back to a situation where addresses can be assigned hierarchically, and so the routing tables can be quite compact, dealing with a small number of rangers rather than a large number of network addresses.
  
  --
  I am TheRaven on Soylent News
16. Re:Not ready for Prime Time by superid · 2005-07-02 00:14 · Score: 1
  
  re point 2....my *.mil is a class B servicing around 4k hosts :(
17. Re:Not ready for Prime Time by empaler · 2005-07-02 00:22 · Score: 1
  
  It's called subscription, noob.
18. Re:Not ready for Prime Time by kernelpanicked · 2005-07-02 00:48 · Score: 0
  
  Subscription my ass, AC hit it dead on
  
  --
  Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
19. Re:Not ready for Prime Time by thogard · 2005-07-02 01:00 · Score: 1
  
  If the *NICs were dishing out only /24s then you could do the same thing with 16 megabits of memory per interface. For a typical largish dual homed company that means they need nearly 4 megabytes of ram to hold the current routing state. Now that assume that routers used content addressable ram which they don't.
20. Re:Not ready for Prime Time by empaler · 2005-07-02 01:09 · Score: 2, Interesting
  
  Yeah, he probably IS right. It's not as much connected to the article as the IPv6 thing, or more precisely, only to the IPv6 part.
  Still, someone typing fast, who knows what he wants to say and has the foresight to spot something he wants to comment on in the mysterious future might pull this off.
21. Re:Not ready for Prime Time by WebCrapper · 2005-07-02 01:22 · Score: 1
  
  Actually, it not... See previous post or you can look on google and find many more where its been used...
22. Re:Not ready for Prime Time by Anonymous Coward · 2005-07-02 01:24 · Score: 0
  
  DNS request wait time is now only 30 Minutes !!
23. Re:Not ready for Prime Time by pe1chl · 2005-07-02 02:19 · Score: 1
  
  This was possible in IPv4, but it did not happen.
  In the early days there even where theorists that proclaimed that "addresses are not routes" all the time.
  I don't think it is going to work in IPv6...
24. Re:Not ready for Prime Time by macshit · 2005-07-02 11:39 · Score: 1
  
  IPv6 was explicitly designed to make routable addresses reasonable, and using it like that seems to be pretty much a basic assumption.
  
  IPv4, with its teeny address space, is not a good analogy.
  
  --
  We live, as we dream -- alone....
25. Re:Not ready for Prime Time by pe1chl · 2005-07-02 20:45 · Score: 1
  
  The IPv4 address space has been deliberately fragmented by NICs that assigned requested network blocks in numeric order over large areas.
  Look how the APNIC assigned one /16 block to Australia, the next to Korea, next to Japan, then one to Australia, one to China, one to New Zealand etc etc.
  
  This could have been done much better even within IPv4 but it was not done and some people even proclaimed it SHOULD not be attempted.
  
  In the early days the phone system used routable addresses. It was possible when there was a single phone company in a country or area, and people with forethought assigned the numbers.
  But there it has been abandoned as well...
Ugh by Anonymous Coward · 2005-07-01 22:38 · Score: -1, Flamebait

NAT should take care of any lack of IP-space.
1. Re:Ugh by bjoeg · 2005-07-01 22:43 · Score: 1
  
  How, NAT wont help that 1 IP-adress can only have one owner.
2. Re:Ugh by MathFox · 2005-07-01 22:48 · Score: 1
  
  And I need at least 2 IP addresses: One at home and one for my co-loc server...
  
  --
  extern warranty;
  main()
  {
  (void)warranty;
  }
Nice to see that... by cato+kaze · 2005-07-01 22:39 · Score: 4, Insightful

Its nice to see that government is implementing IPv6, but I'm more curious as to when it will be implemented by the private sector and widely used. (Is there an FCC ruling or guidelines for transition time somewhere or are we just oozing towards it?)

--
Those who study history are doomed to watch others repeat it.
1. Re:Nice to see that... by jacksonj04 · 2005-07-02 00:21 · Score: 3, Interesting
  
  Oozing slowly.
  
  Basically, install an IPv6 stack on everything you can and use IPv6 ready software/hardware over IPv4. Eventually upstream people will see IPv6 all over the place using Toredo, and implement an IPv6 network.
  
  My school runs on IPv6, along with a few others in the area, and our upstream provider is already implementing an IPv6 network for us.
  
  --
  How many people can read hex if only you and dead people can read hex?
2. Re:Nice to see that... by anthony_dipierro · 2005-07-02 00:53 · Score: 1
  
  Its nice to see that government is implementing IPv6, but I'm more curious as to when it will be implemented by the private sector and widely used.
  
  My guess, probably never.
3. Re:Nice to see that... by jav1231 · 2005-07-02 01:29 · Score: 2, Insightful
  
  Why should they? What is gained by IPv6? Nothing currently. Oh you get to say, "Dude! I'm IPv6!" Big deal. NAT has stifled IPv6 for the masses and brought at least some level of security to Winblows users around the globe. The idea that the whole government should be on it is probably the compulsion of a bunch of advocates. In the case of the government, I can live with it. As for the rest of us it's really just a solution who's problem has largely already been solved.
4. Re:Nice to see that... by Mysticalfruit · 2005-07-02 01:29 · Score: 1
  
  I agree. NAT effectively killed IPv6. That and the baulkanization of the internet.
  
  Everybody has their own citadel with their data servers up in pearly white towers. The only clear access to the information desk is across a gantry high above a wall of fire. As you walk across this gantry your every step is watched by a 50 eyed beholder...
  
  --
  Yes Francis, the world has gone crazy.
5. Re:Nice to see that... by neal+n+bob · 2005-07-02 01:41 · Score: 1, Interesting
  
  OMB gets off an making these grand IT pronouncements! I spent the last few years watching them blow millions of taxpayer dollars on their last bunch of IT crap they pushed down which was poorly planned and even more poorly managed. Hearing them mandate this by 08 is the funniest thing I have ever heard. All the agencies already have their budgets pretty well known through FY07, so where will they get the money? Some agencies like DOI don't even have a fully functional network - parts of it are not allowed to connect to the internet by court order because their security was so bad. So how the hell will that non-functioning entity move to IPv6?
6. Re:Nice to see that... by anthony_dipierro · 2005-07-02 01:42 · Score: 2, Insightful
  
  NAT, dynamic DNS, and all the other "hacks" which resolved the problems in ways which were backward compatible. Between NAT, dynamic DNS, and application level protocols to negotiate ports, we don't have merely 4 billion IP addresses, we have 28147 trillion, and that, to misquote Bill Gates, should be enough for anyone.
  
  I'm not saying IPv4 is going to last forever. Like anything else, it won't. But I'm pretty convinced that IPv6 won't be the next widely adopted protocol after IPv4. To (properly) quote D. J. Bernstein, "The IPv6 designers made a fundamental conceptual mistake: they designed the IPv6 address space as an alternative to the IPv4 address space, rather than an extension to the IPv4 address space."
7. Re:Nice to see that... by Mr+Smidge · 2005-07-02 02:27 · Score: 5, Insightful
  
  NAT will not allow you to do easy VOIP or video-conferencing.
  
  Now think about this: there's an entire class A subnet allocated to MIT. There's quite a few class A subnets allocated for various US governmental institutions. There's a whole one for Apple computer.
  
  But, there's just one for the entire African continent. Some ISPs in countries besides the US cannot give their customers a real IP address! There are not enough to go round. The way they have been allocated is clearly skewed.
  
  So yes, lots of people stand to gain by having more addresses. They just happen to be in some of the poorer nations.
8. Re:Nice to see that... by Mysticalfruit · 2005-07-02 02:30 · Score: 2, Insightful
  
  I agree with that quote from Bernstein as well. If IPv6 was made complimentary to IPv4 so that you could have both on the same network and able to talk to one another without tunnels and crap, I think when people migrated their networks to gigE, they would have also migrated their devices to IPv6 as well.
  
  --
  Yes Francis, the world has gone crazy.
9. Re:Nice to see that... by drsquare · 2005-07-02 03:35 · Score: 2, Informative
  
  Between NAT, dynamic DNS, and application level protocols to negotiate ports, we don't have merely 4 billion IP addresses, we have 28147 trillion,
  
  So please explain: if me and someone I'm trying to contact are both behind NAT, what number do I try to connect to if I want to directly connect to this computer, i.e. the whole damn point of the Internet?
  
  Like has been said before, the people who think NAT is acceptable all want or have their own real IP addresses.
10. Re:Nice to see that... by jav1231 · 2005-07-02 04:15 · Score: 1
  
  VoIP can work around this easily. True, if everyone on the planet had a VoIP phone your point would be well taken. There's no reason, however, a company couldn't use an entire private segment that never sees the 'Net and use VoIP. It can then be trunked out over land-lines. I'd venture to guess this is how it's done for the most part anyway.
11. Re:Nice to see that... by kjh1 · 2005-07-02 04:25 · Score: 1
  
  Here's a link to the essay that D.J. Bernstein wrote on the 'IPv6 Mess'. He makes some good points that I think are really significant. The fact that IPv6 has not been widely deployed yet is a silent acceptance of the migration nightmare that it would cause.
  
  --
  Whoever Has the Most Toys Wins!
12. Re:Nice to see that... by Anonymous Coward · 2005-07-02 04:41 · Score: 0
  
  I use VOIP at home through my NAT firewall. It works just peachy!
13. Re:Nice to see that... by anthony_dipierro · 2005-07-02 04:51 · Score: 1
  
  So please explain: if me and someone I'm trying to contact are both behind NAT, what number do I try to connect to if I want to directly connect to this computer
  
  Whatever "number" is assigned to that user for that connection.
  
  Like has been said before, the people who think NAT is acceptable all want or have their own real IP addresses.
  
  I think NAT is acceptable, and I don't want or have my own real IP address.
14. Re:Nice to see that... by drsquare · 2005-07-02 05:55 · Score: 1
  
  Whatever "number" is assigned to that user for that connection.
  
  But there is no IP address, so how do you connect? Say someone starts his own site, but he's behind NAT. How does he let anyone to connect to it?
  
  I think NAT is acceptable, and I don't want or have my own real IP address.
  
  Would you accept a similar system for phone numbers?
15. Re:Nice to see that... by TERdON · 2005-07-02 07:09 · Score: 1
  
  Would you accept a similar system for phone numbers?
  Getting slightly offtopic, but in the beginning of the usage of phones, at least in Sweden, where I'm from, it actually was quite usual to share a phoneline among neighbours, because the costs per household was lower then.
  
  The different phones were given "A" and "B" numbers, and when you phoned them, at both places the phones would ring. If the wrong place answered they basically had to run over to the neighbour, and tell them...
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
16. Re:Nice to see that... by kosmicki · 2005-07-02 07:30 · Score: 1
  
  how do you connect? Beyond the fact that most people don't have their own server, you use port forwarding. Works for one person at least.
  
  And for telephones? It happens all the time, they are called extensions.
17. Re:Nice to see that... by drsquare · 2005-07-02 07:47 · Score: 1
  
  Port forwarding is a dirty hack. And it only works if you have control over the NAT router. Once we get to a point where there are more Internet users than available IP addresses, it's not going to work. Unless of course all the poor black people (like Africans who have as many addresses as Apple) get stuck behind NAT and have to play a passive role in the Internet, whilst the rich white Americans get proper Internet.
  
  And for telephones? It happens all the time, they are called extensions.
  
  Every house has its own static, unique phone number. There are more possible phone numbers than IP addresses. Imagine a phone system where each street had a phone number, so you could only phone outwards, but no-one could ring you. Of course it wouldn't be a problem as long as the rich white Americans had their own numbers.
18. Re:Nice to see that... by doubledoh · 2005-07-02 07:55 · Score: 1
  
  Yes, but that's not the direction VOIP will be taking. The whole point of VOIP is to use the "public" internet to reduce costs that a private networks entail.
  
  --
  I think, therefore I doh.
19. Re:Nice to see that... by jp10558 · 2005-07-02 08:19 · Score: 1
  
  You're wrong. Up until about 1997 or so, in upstate NY it was common for people to be on a party line - shared by 4 or so houses. If you stuck a normal phone on there, it would ring whenever anyone called that line. In fact, to call from one party line house to another, you'd have to call, hang up, then pick up again.
  
  The special party line phones somehow filtered out the other #s ringing, but anyway - there were until recently party lines in the US.
  
  However, I do think that we need to get away from NAT - it's a big pain. I have to use hamachi with my friends to run my FTP server becasue I can't figure out how to get it to work past the router/modem the DSL uses. And I had to call tech support to get my e-mail server running.
  
  --
  Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
20. Re:Nice to see that... by jav1231 · 2005-07-02 10:45 · Score: 1
  
  But who's to say they can't still utilize NAT. Public switches route to private trunks now so VoIP can and will evolve. It's already evolving faster than IPv6 is being deployed.
21. Re:Nice to see that... by _avs_007 · 2005-07-02 18:46 · Score: 1
  
  I have multiple voip clients at home, and I'm running a voip pbx server at work, all of which are behind NATs, and they also work fine. You just need to know how to configure them :p
22. Re:Nice to see that... by Anonymous Coward · 2005-07-03 05:50 · Score: 0
  
  Didja ever think that Africa does not need as many IP addresses? Perhaps the fact of having internet access alone is more then enough for now. Or did you merely see the white man holdin' the brothas down?
What the hell? by Talez · 2005-07-01 22:42 · Score: -1, Troll

Which nerd lobbied hard and sucked enough cock to get that announcement?

You'd think out of all the things that are important, IPv6 would not be one of them. Good on them though. It takes one hell of a push to get people out of the mediocre and onto something better because it offers no immediate benefit to them.
1. Re:What the hell? by Njovich · 2005-07-01 22:46 · Score: 3, Insightful
  
  Oh, I don't know? Cisco? Microsoft? IBM? There are lots of people having interest in computer infrastructure investments.
Unless... by Allrod · 2005-07-01 22:43 · Score: 3, Funny

Another choice quote: Microsoft's next operating system, dubbed Longhorn, will be "fully IPv6-capable," Khaki said. That should really be: Microsoft's next operating system, dubbed Longhorn, will be "fully IPv6-capable, unless that gets dropped too..." Khaki said.
1. Re:Unless... by Fred_A · 2005-07-01 23:42 · Score: 1
  
  Wasn't XP already supposed to be fully IPv6 capable ?
  
  --
  
  May contain traces of nut.
  Made from the freshest electrons.
2. Re:Unless... by value_added · 2005-07-02 00:16 · Score: 1
  
  Wasn't XP already supposed to be fully IPv6 capable ?
  
  From the article:
  
  Jawad Khaki, corporate vice president for Microsoft [said] Microsoft's next operating system, dubbed Longhorn, will be "fully IPv6-capable,"
3. Re:Unless... by TheRaven64 · 2005-07-02 00:17 · Score: 1
  
  Windows XP includes a `Preview' (read: beta) IPv6 stack, and it is downloadable for NT4 and 2000. Trumpet (remember them?) ship a production-readly IPv6 stack for Windows 95 and later.
  Source
  
  --
  I am TheRaven on Soylent News
4. Re:Unless... by Faynor · 2005-07-02 00:43 · Score: 1
  
  Isn't this off topic?
5. Re:Unless... by Zaknafein500 · 2005-07-02 01:00 · Score: 1
  
  Wow, Trumpet. That brings back very scary memories of trying to configure Trumpet Winsock on Win3.11 to connect to a PPP server at a local BBS. That was the single flakeyest program I think I have ever used.
  
  --
  
  "The guide is definitive, reality is frequently inaccurate."
6. Re:Unless... by marco13185 · 2005-07-02 01:02 · Score: 0
  
  Actually, I don't see this one getting cut. As the alpha's of longhorn already have it very well integrated and functional. Longhorn automatically configures an IPv6 address through DHCP with my router, it's also completely functional. But then again, so was the sidebar, WinFS, and every other core technology in longhorn, until they removed them. But, yeah, they keep stripping longhorn of features to the point that the only new features are the GUI. Which M$ is going to port back to XP!!! Also, when WinFS and the works come out, they will also be ported back to XP!!! They might as well name it "Windows XP with Avalon , Aero, and WinFS".
7. Re:Unless... by learn+fast · 2005-07-02 01:26 · Score: 1
  
  Microsoft's next operating system, dubbed Longhorn, will be "extremely close" to a release by 2008, Khaki said
8. Re:Unless... by Anonymous Coward · 2005-07-02 02:13 · Score: 0
  
  Guys, the features that are being "dropped" might take a BIT more 'foundation level work' than just a few minutes of hacking in a few new procedures, classes &/or objects into the existing 50 million or so lines of Windows' latest Os' in the NT-based Operating System family & takes time. Even if you have the (literally) best talent quite possibly there is that money can (& often does in MS' case) buy.
  
  Currently & afaik & iirc, Windows Server 2003's the largest programming artifact in existence. It's going to take time, effort, & quite possibly foundation kernel level reworking & then TONS of regression test analysis to get it ALL 110% & right + securely working.
  
  I also understand things like this are 'perfect F.U.D.' for the Linux camp to spread around...
  
  This is the ONLY thing I cannot stand about them, acting much like gossipping women, & many times their statements on this very website (which is, no doubt about it, with the picture of "King Billy" as a BORG, far too "pro-linux") evidence this for me.
  
  People, newsflash:
  
  Technologies NOT just Windows & it's NOT just Linux.
  
  The goals today should be (by both parties) to make them interoperate with one another as seamlessly as is possible.
  
  Of course, from the point of view here @ slashdot, I am sure they LOVE 'Linux vs. Windows' type banter here... it generates controversy &/or conflict, which means webpage views/hits.
9. Re:Unless... by Anonymous Coward · 2005-07-02 02:40 · Score: 0
  
  The beta of Longhorn currently uses a virtual IPv6 address internally if you're connected to a v4 network, so it appears they do want to implement it internally.
10. Re:Unless... by Anonymous Coward · 2005-07-02 05:58 · Score: 0
  
  That's one reason why you should've been using OS/2.
11. Re:Unless... by Anonymous Coward · 2005-07-02 07:12 · Score: 0
  
  You can install IPv6 on Windows XP already by opening a command window and typing "ipv6 install"
  
  That's it!
Progress in DoD by dgb2n · 2005-07-01 22:46 · Score: 4, Insightful

Although there has been alot of noise around it, actual progress hasn't been so convincing and the 2008 date appears highly unlikely. In many cases its more a matter of "here's how we'd do it if you gave us X dollars" than a funded plan forward.

This has appeared all along like a deliberate attempt to force a "technology refresh" that would be beneficial to major US networking companies than any real response to technical superiority of the IPv6 protocols.

If the technical merit were really there (many of the supposed IPv6 improvements have been backported to v4), my guess is a specific mandate wouldn't be necessary. Business would take care of it.
1. Re:Progress in DoD by teksno · 2005-07-01 22:52 · Score: 0
  
  the only tech companies it would be useful to is microsoft and cisco... i fully believe what ever n00b is out there controlling DOD networks doesnt realize the there are alternatives to technology products other then what he see advertised on cnn.
2. Re:Progress in DoD by Anonymous Coward · 2005-07-02 01:26 · Score: 0
  
  I've worked for the DoD and know that their system admins know what they're doing. They just don't have as much freedom as they would in the private sector. Alot of redtape to get through before they can get anything approved. It's rather rude to ASSume that the people who work for the DoD are all n00bs. They know what's out there, they just can't use whatever they want.
3. Re:Progress in DoD by sgtrock · 2005-07-02 04:20 · Score: 1
  
  Let's see... The design of the Internet's predecessor was funded by DARPA (Defense Advanced Research Project Agency), the DoD runs the single largest contiguous IP network, one of the largest DNS domain name spaces in .mil, and arguably has more IPv4 addresses assigned to it than any other single entity in the world. The DoD has also funded research in and/or deployed BSD, Linux, Apache, etc. all over the place for years. The Navy sysadmins for years have also quietly resisted a mandate that came directly from the Pentagon to convert ALL of their systems over to Windows on Intel.
  
  [sarcasm]Oh, yeah. The DoD admins are all noobs, all right.[/sarcasm]
  
  Moron.
  
  Next time, check your facts before you open your mouth about something you clearly know nothing about.
4. Re:Progress in DoD by Anonymous Coward · 2005-07-02 05:50 · Score: 0
  
  Although there has been alot of noise around it, actual progress hasn't been so convincing and the 2008 date appears highly unlikely.
  
  Sadly, I agree. I've seen too many government change-over dates slip by, or get pushed back.
  
  If the technical merit were really there (many of the supposed IPv6 improvements have been backported to v4), my guess is a specific mandate wouldn't be necessary. Business would take care of it.
  
  Government *exists* to mandate things which pure economics won't generate. The Constitution, mandates a democratic republic, which is arguably very high on the "technical merit" scale; but I doubt if we had left it up to business we'd be living in a democratic system today.
  
  This isn't on the scale of guaranteeing free speech, true, but then, it isn't a mandate for the citizens of the country: it's a mandate from the federal government, to the federal government, i.e., an internal requirement.
5. Re:Progress in DoD by klept · 2005-07-02 07:48 · Score: 1
  
  Highly unlikely for 2008? More like impossable. The Fed's IT is your worst nightmare for screwups.Add to that the complete dummies working there, and you have a continuting disaster. Wonder if Osama is behind this idea?
6. Re:Progress in DoD by teksno · 2005-07-02 09:10 · Score: 1
  
  you see heres the really funny part...
  
  im a network admin for the USAF... and we have been mandated to get rid of all boxes that arent windows... and all network equipment that isnt cisco...
  
  my supervisor and i each got a l.o.r. last week from our commander because we refused to take down the linux box that was doing realtime monitoring or our entire network down to the switch... and we just spent i dont even know how much money replacing perfectly good enterasys routers and switches woth propriatery cisco junk... granted we are still using ipv4, so the ipv6 thing doesnt really matter, but the point is that whoever runs the marketing campaigns for M$ and ci$co, are good at getting dumb people to believe that they are the only way to do things.
  
  cisco so called self defending networks are still in testing while entersys can give you a demo of their self defending networks if you ask. i have done my home work... mainly because i have to put up with shit coming from the top by people who only see commericals and dont actually work with the equipment...
  
  and the people in the navy that are resisting the M$ take over are only resisting because some n00b above them mandated that they switch... i fought the law, and the law won...this time. (little do they know that i still use a linux desktop at work)
7. Re:Progress in DoD by glitch23 · 2005-07-02 13:21 · Score: 0
  
  If the technical merit were really there (many of the supposed IPv6 improvements have been backported to v4), my guess is a specific mandate wouldn't be necessary. Business would take care of it.
  
  You mean like HDTV?
  
  --
  this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
ATTENTION SLASHDOT READERS by Anonymous Coward · 2005-07-01 22:47 · Score: -1, Troll

You are all fucking retards. Lunix is a shit operating system, and BSD is dead. Apple is for closet homos. Get with the times, use Windows. Open Source is for losers. What other industry is so stupid as to work for free?
1. Re:ATTENTION SLASHDOT READERS by debilo · 2005-07-01 22:53 · Score: 5, Funny
  
  What other industry is so stupid as to work for free?
  
  Mothers and housewives?
2. Re:ATTENTION SLASHDOT READERS by Anonymous Coward · 2005-07-01 23:20 · Score: -1, Flamebait
  
  Trust me, they ain't free at all. They live parasitically on their spouse, sometimes after ceasing to provide any service at all.
3. Re:ATTENTION SLASHDOT READERS by Anonymous Coward · 2005-07-01 23:33 · Score: 2, Interesting
  
  I'm paid well for my linux work. Software is a service, not a product. Once the artificial scarcity of copyright law is eliminated and we return to a free market, I'll still be doing fine. The windows weenies won't be.
4. Re:ATTENTION SLASHDOT READERS by SlashdotMeNow · 2005-07-02 01:00 · Score: 0, Offtopic
  
  Dear sir. May I be the first to say: LOL! I wish you a good weekend.
5. Re:ATTENTION SLASHDOT READERS by Anonymous Coward · 2005-07-02 02:12 · Score: 0
  
  Mod me as flamebait I don't care.
  
  I think a little more respect is due to those who not only bring life into this world. But devote their own life to making that new one the HIGHEST priority in theirs. (I am refering to stay at home moms)
  
  Having a day job that pays a "real" salary doesn't make you a true man or women any more than being a housewife/mother makes a woman less than a women.
  
  If more people thought of their children as the most important thing in their lives instead of additional baggage that needs to be dragged along, we wouldn't have so many screwed up kids in the world. Don't believe me? Go home from your much more prestigious day job some day and tell your kid that your boss and your job are more important than him. Tell your kid his daily protection and teaching is going to come from stangers and thats the best you can do for him. Tell him thats life. Tell him in short that although you helped bring him into this world you have your own plans and you're not going to let him get in the way. Then see what happens.
  
  You can't ignore your kids... They need a role model, they need a reliable and trustworthy teacher. They need consistency and to know that someone gives a damn about them. No one is going to teach your child the things that are important to you except you. The time and attention you give them in their youth pays off a thousand fold in their adulthood.
  
  So even if the comment was in jest I think a bit more respect is due for these women (and any men out there) that make their children the highest priority in their lives.
6. Re:ATTENTION SLASHDOT READERS by Anonymous Coward · 2005-07-02 02:23 · Score: 0
  
  Networking is a service, and I can see that from the point of view of a tech or administrator... from the point of view of the guys that make the tools you USE? It's product... from a developer's standpoint.
7. Re:ATTENTION SLASHDOT READERS by bitty · 2005-07-02 03:19 · Score: 1
  
  Mod parent up! Yeah it's offtopic, but things like this need to be heard everywhere.
8. Re:ATTENTION SLASHDOT READERS by mbius · 2005-07-02 04:40 · Score: 1
  
  With decent tenure, the standard severance package is pretty sweet.
  
  --
  you can have my violent video games when you pry them from my cold, dead hands.
  Prime UID Club
9. Re:ATTENTION SLASHDOT READERS by Anonymous Coward · 2005-07-02 06:56 · Score: 0
  
  Networking is a service, and I can see that from the point of view of a tech or administrator... from the point of view of the guys that make the tools you USE? It's product... from a developer's standpoint.
  
  I'm a developer, and from my point of view, software is a service. I don't know anybody, in any field, who's writing programs that never have any bugs, and do from day 1 everything the users will ever want.
  
  What makes networking a service? I guess the fact that if you turn it off, it's gone. If I stop paying for broadband, next month I won't have broadband.
  
  That's exactly what software is: maintinance is part of the "product". In fact, it's the most important part. When a company has a great proprietary software product, and then goes out of business, the next week you can find CDs in the $5 discount bin. Why? The software did everything it did last week -- but the service is gone.
  
  From the market's point of view, service is 90% (or more) of the price of a product. You can keep saying "I don't believe that!", but it won't make you immune from market forces...
NAT by debilo · 2005-07-01 22:49 · Score: 4, Insightful

Before people jump and say that we don't need IPv6 because NAT is good enough: No, NAT is not good enough. While I am grateful for NAT (and I am sure every other pood sod stuck with a single address only is grateful too), NAT has some serious shortcomings and limitations which increase the need for sometimes ugly, drastic or awkward workarounds for many things. It would be nice to be able to communicate with machines behind routers directly, though the security aspect that NAT provides really is useful.
1. Re:NAT by FrostedWheat · 2005-07-01 23:20 · Score: 4, Informative
  
  though the security aspect that NAT provides really is useful
  
  Nothing a simple firewall can't handle.
2. Re:NAT by hitmark · 2005-07-01 23:41 · Score: 1
  
  bingo, while nat is nice for home and small office use for basic sharing for a net connection for web and email. it runs into problems fast if your planing to use it for say an isp enviroment or similar, and to me thats what the grandparent post talks about.
  
  the biggest single nat problem is vpn tunneling. that a nat setup have to rewrite the source or destination part of the header can mess up or make invalid the tunnel if it require packet signing (ie, use private key to add a checksum for the header) from what i recall.
  
  this means that you cant just deploy a isp-wide nat as it may well make a mess for people that work from home or maybe a traveling salesman that connects from time to time with a laptop.
  
  --
  comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
3. Re:NAT by gclef · 2005-07-02 00:01 · Score: 1
  
  The biggest problem I see with this attitude (not that I entirely disagree with it) is that it assumes NAT will go away in v6. I sincerely doubt that it will. I know it's unnecessary in v6...but people have gotten used to it, and it's been sold to them as a "security feature". Therefore, they're going to want to use it in v6, whether or not it really does anything for their security.
4. Re:NAT by 0xdeaddead · 2005-07-02 00:05 · Score: 0, Troll
  
  yeah sure.. if you have lets say 3000 computers you want to rdp into how do you do that??? Oh and the people connecting are end users, so no registery hacks, thanks... Sorry NAT FUCKING SUCKS.
  Not to mention things like voip.
5. Re:NAT by richy+freeway · 2005-07-02 00:32 · Score: 0, Flamebait
  
  You're ranting at the wrong person, numbnuts.
6. Re:NAT by clenhart · 2005-07-02 00:32 · Score: 1
  
  > though the security aspect that NAT provides really is useful.
  
  All we need is a checkbox on a IPv6 firewall that says "NAT style security and limitations". Is that really that hard for firewall software?
7. Re:NAT by FrostedWheat · 2005-07-02 00:40 · Score: 1
  
  NAT != Firewall. Most NAT systems include some sort of firewall so it's an easy mistake to make. A firewall filters packets without changing them, NAT is a hack that rewrites the headers to get past ISP's only giving out single IP addresses per customer. It's a neat idea, but still a hack.
  
  I'm lucky enough in that my ISP give me a small subnet. I have a machine acting as a firewall to prevent all the usual nasties getting onto the network, limiting what ports external users can connect to. All without NAT - each machine has it's own internet IP. VOIP works nicely.
8. Re:NAT by Baricom · 2005-07-02 00:42 · Score: 2, Insightful
  
  Actually, most people I've talked with use NAT not for the security but because they need it to get more than one computer online (the local broadband providers provide one IP address and rent extras for about $10 per month). I think whether NAT continues to be popular or not will probably be influenced by whether residential ISPs become less stingy with the address space.
  
  If NAT goes out of style, the home router people will just focus more on delivering good firewalls, and a lot of people (probably including me) will still buy them.
9. Re:NAT by thogard · 2005-07-02 00:44 · Score: 1
  
  Thats why they invented SVC DNS records.
  
  We already have have about 2^48 IPv4 addresses for things using SVC records.
  
  The real reason we ran out of IPv4 address is that cisco routers can't cope with a full routing table. Some how quadrupling the amount of memory the same routing table needs isn't going fix the problem.
10. Re:NAT by Fished · 2005-07-02 00:53 · Score: 2, Informative
  
  Nawww... you're missing the point that IPV6 is designed to require significantly fewer entries in routing tables for the same number of networks. Yes, the addresses are 4 times as long, but that doesn't make the routing table takes four times the memory.
  
  --
  "He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
11. Re:NAT by anthony_dipierro · 2005-07-02 01:01 · Score: 1
  
  The biggest problem I see with this attitude (not that I entirely disagree with it) is that it assumes NAT will go away in v6.
  
  What's more likely, if IPv6 does catch on, is that NAT will be replaced by IPv4 to IPv6 tunnels.
  
  But I seriously doubt this is going to happen. Redesigning everything from scratch is a software engineer's wet dream, but in the real world for a system to work it needs to be much more backward compatible than IPv6. It's like DJB said: "The IPv6 designers made a fundamental conceptual mistake: they designed the IPv6 address space as an alternative to the IPv4 address space, rather than an extension to the IPv4 address space."
12. Re:NAT by Zeinfeld · 2005-07-02 01:08 · Score: 1
  
  Before people jump and say that we don't need IPv6 because NAT is good enough: No, NAT is not good enough. While I am grateful for NAT (and I am sure every other pood sod stuck with a single address only is grateful too), NAT has some serious shortcomings and limitations which increase the need for sometimes ugly, drastic or awkward workarounds for many things. It would be nice to be able to communicate with machines behind routers directly, though the security aspect that NAT provides really is useful.
  The problem I see with IPv6 is that nobody has ever managed to describe a transition strategy that looks remotely viable to me.
  
  One of the big problems is that instead of looking to see what NAT technology could do for them to facilitate the transition what we get is really a flag day strategy under a different name.
  
  What we need is Ipv6 capable NAT boxes that are capable of doinf 4/6 translation on the fly. The main barrier to adoption of that type of strategy is folk who really can't see beyond the end-to-end principle.
  
  --
  Looking for an Information Security student project suggestion?
  Try http://dotcrimeManifesto.com/
13. Re:NAT by thogard · 2005-07-02 01:11 · Score: 1
  
  I know the theory.
  I know the real world isn't as nice. I've been dealing with routing issues since the days of the uumaps collapsing and I've seen where IPv6 is headed.
14. Re:NAT by Anonymous Coward · 2005-07-02 01:11 · Score: 0
  
  You should be using VPN for that, Einstein.
15. Re:NAT by Blkdeath · 2005-07-02 01:21 · Score: 1
  
  NAT != Firewall. Most NAT systems include some sort of firewall so it's an easy mistake to make.
  
  NAT, as implemented by 95% of SOHO routing equipment is an inherrant protection system in that it prevents direct access to the machines connected behind them. In and of itself, NAT is a deny all, allow some mechanism which therefore offers a degree of protection that a simple 'this IP address belongs to this computer' routing setup can't offer. In that case the user must then also create a firewall ruleset based on their network topology. In most cases, I'd wager that ruleset would be a simple case of deny all, allow some anyways.
  
  --
  BD Phone Home!
  Shameless plug. Like you weren't expecting it.
16. Re:NAT by asdfghjklqwertyuiop · 2005-07-02 01:29 · Score: 1
  
  You should be using VPN for that, Einstein.
  
  And then you find out that company with 3000 machines to RDP into is using just about half of RFC1918 space and happens to be using the same portion of it that you are... doh!
17. Re:NAT by swillden · 2005-07-02 01:33 · Score: 1
  
  In that case the user must then also create a firewall ruleset based on their network topology.
  
  The default ruleset would merely do precisely what the NAT box does: Deny all incoming connections. The network topology in question is simple: One NIC connected to the outside world, another connected to a switch to which all of the interior computers are connected.
  
  With respect to security, NAT offers nothing that a simple stateful firewall does not.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
18. Re:NAT by asdfghjklqwertyuiop · 2005-07-02 01:33 · Score: 1
  
  though the security aspect that NAT provides really is useful.
  
  NAT doesn't have a security aspect. It just rewrites the addresses and ports on outbound packets and keeps track of them to rewrite the corresponding replies. If you don't have filter rules to back it up then any traffic can just flow right into your network. NAT doesn't cause packets to be dropped.
19. Re:NAT by Blkdeath · 2005-07-02 01:44 · Score: 1
  
  With respect to security, NAT offers nothing that a simple stateful firewall does not.
  
  Plug ADSL/Cable modem in one end, plug mom, dad, sis, and your computers in the other end. Instant security. Asking users to configure their own subnet and then create their own stateful firewall ("What's 'stateful'? What's a 'firewall'?") isn't realistic.
  
  --
  BD Phone Home!
  Shameless plug. Like you weren't expecting it.
20. Re:NAT by Dwonis · 2005-07-02 01:52 · Score: 1
  
  What we need is Ipv6 capable NAT boxes that are capable of doinf 4/6 translation on the fly. The main barrier to adoption of that type of strategy is folk who really can't see beyond the end-to-end principle.
  I think those would be called NPT boxes (network protocol translation)...
21. Re:NAT by pe1chl · 2005-07-02 01:59 · Score: 1
  
  This is of course not true.
  A NAT router without special configuration has no way of accepting inward connections. So, by inserting an autoconfigured NAT box in front of a system you efficively have an autoconfigured firewall that only allows outbound connections.
  This is like a filter that protects all your services that were intended for inside use only.
22. Re:NAT by Anonymous Coward · 2005-07-02 02:00 · Score: 0
  
  Which just happens to be one of NAT's advantages... (translating between corporate networks using the same address space)
23. Re:NAT by gclef · 2005-07-02 02:04 · Score: 1
  
  I'm not as concerned with the home users as much as I am with the PHB's. They think NAT's magic security dust, and convincing not to use it, v4 or v6, is (I think) bound to fail.
24. Re:NAT by tuffy · 2005-07-02 02:09 · Score: 1
  
  Plug ADSL/Cable modem in one end, plug mom, dad, sis, and your computers in the other end. Instant security. Asking users to configure their own subnet and then create their own stateful firewall ("What's 'stateful'? What's a 'firewall'?") isn't realistic.
  
  Home users would buy a hardware firewall with routing and DHCP, plug it in, and get a home network that doesn't allow incoming connections by default. Just like they do now with NAT boxes. The only difference is that all the machines on their subnet would have a real IP address which could be opened up through the firewall for BitTorrent use, individual SSH servers or whatever.
  
  --
  Ita erat quando hic adveni.
25. Re:NAT by asdfghjklqwertyuiop · 2005-07-02 02:10 · Score: 1
  
  A NAT router will accept all inward connections by default, unless you tell it to do otherwise with filter rules. Try it sometime. Find me one implementation of NAT that drops anything.
26. Re:NAT by swillden · 2005-07-02 02:11 · Score: 1
  
  Plug ADSL/Cable modem in one end, plug mom, dad, sis, and your computers in the other end. Instant security.
  
  Yep. That's exactly what would happen given a $25 firewall box.
  
  Asking users to configure their own subnet and then create their own stateful firewall ("What's 'stateful'? What's a 'firewall'?") isn't realistic.
  
  Who asked them to configure anything? A small, off-the-shelf firewall box would do it all automatically. It would actually do *exactly* the same thing the NAT box does, except it could skip the step of having to translate network addresses, and it wouldn't need to be a DHCP server -- DHCP service would either come from the ISP, or else IPv6 stateless autoconfiguration would handle it.
  
  The proper way to handle the problem, of course, is not even to require a separate $25 box. Instead, just integrate the firewall into the DSL/Cable modem.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
27. Re:NAT by swillden · 2005-07-02 02:14 · Score: 2, Interesting
  
  Home users would buy a hardware firewall with routing and DHCP, plug it in, and get a home network that doesn't allow incoming connections by default.
  
  Almost. The box wouldn't do DHCP, because it wouldn't know what IP addresses to hand out. DHCP service could be provided by the ISP, but since we're talking about IPv6, it's more likely that DHCP would simply disappear, and the machines would use autoconfiguration.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
28. Re:NAT by isj · 2005-07-02 02:15 · Score: 1
  
  A NAT router without special configuration has no way of accepting inward connections
  My old Intel Express ISDN router do. By default it makes reverse mapping for all ports to the inside PC that triggered the outgoing link.
29. Re:NAT by pe1chl · 2005-07-02 02:41 · Score: 1
  
  You are trolling, aren't you?
30. Re:NAT by Ruzty · 2005-07-02 02:45 · Score: 1
  
  NAT doesn't cause packets to be dropped.
  
  So, you can connect to the sshd on my 10.0.0.31 box that is behind a public IP attached to a NAT'ing device? (No you can't any neither can anyone else without compromising the device performing the NAT'ing.) It causes packets that don't have a port redirection rule, to a private IP/port tuple, on the public interface to be dropped. It's a very crude version of a "deny all" rule that uses rewrite/redirection where a firewall would use "allow in" rules.
  -Rusty
  
  --
  The Master (Angelo Rossitto) in Mad Max Beyond Thunderdome, "Not shit, energy!"
31. Re:NAT by quarkscat · 2005-07-02 03:07 · Score: 1
  
  IPv6 is the only way that every coffee pot, flower pot, copier, router and switch in the Pentagon will be able to be monitored once Dubya moves much of the Federal government to Texas.
  
  Yes, NAT is good for all of those of us that currently have only one outward-facing IP address. But wouldn't you like your home's coffee pot, stove, refrigerator and HVAC to be readily accessible from the office, or while on the road?
  
  I, for one, would welcome 100% adoption of IPv6 tomorrow. I'll take my 1024 IP addresses and be happy. I'm already ready (screw MSFT's OSes)!
32. Re:NAT by nxtw · 2005-07-02 03:13 · Score: 1
  
  My NAT router (Linksys WRT54G) does not accept any incoming connections by default. It has "Firewall" mode turned on by default. If you turn that off, it won't filter incoming connections, but there won't be anything to connect to!
  Even Windows XP SP2 does this; the firewall is turned on by default, and if you enable Internet Connection Sharing, the firewall is *still* turned on, blocking all incoming connections.
  
  No matter what you do, except for those strange cases where the router automatically forwards everything to another host, the most anyone from the ouside network can connect to is the router itself.
33. Re:NAT by Anonymous Coward · 2005-07-02 03:44 · Score: 0
  
  Lovely, now someone (other than you) can get into your home network, turn on your coffee pot, and stove, in hopes to creating a fire. They can also turn off your fridge so all the food spoils, and turn your AC on to it's coldest setting to run up your elec. bill. No fully automated/network enabled home for me.
  
  What's up with the unallocated IPv4 IPs out there?
  http://ws.arin.net/cgi-bin/whois.pl?queryinput=1.0 .0.0
  http://ws.arin.net/cgi-bin/whois.pl?queryinput=2.0 .0.0
34. Re:NAT by Anonymous Coward · 2005-07-02 03:45 · Score: 0
  
  Theoretically, yes. In a home where people actually might want to multi-home (connections to more than one ISP), maybe not!!
  
  oops
35. Re:NAT by deathazre · 2005-07-02 05:24 · Score: 1
  
  nat on $ext_if from $int_if.network to any -> ($ext_if) pass all
  that's basic NAT right there. Note that you can still very well connect to the machine doing the translation. Stopping that requires firewalling:
  block in on $ext_if pass out on $ext_if keep state
  
  --
  Karma: Negative (Mostly affected by dorm trolling)
36. Re:NAT by Anonymous Coward · 2005-07-02 06:16 · Score: 0
  
  >The proper way to handle the problem, of course, is not
  >even to require a separate $25 box. Instead, just integrate
  >the firewall into the DSL/Cable modem.
  
  Actually no. I would expect my isp's tech support guys to disable any security at the first sign of trouble.
37. Re:NAT by kaisyain · 2005-07-02 06:17 · Score: 1
  
  Why would DHCP disappear? It hands out a lot more than IP addresses.
38. Re:NAT by Mattintosh · 2005-07-02 06:31 · Score: 1
  
  Umm... correct me if I'm wrong, but wouldn't "autoconfiguration" be the same thing as Dynamic Hardware Configuration Protocol? In which case, a non-NAT firewall and router would still need to have it. The only thing that should disappear is NAT.
39. Re:NAT by m50d · 2005-07-02 06:32 · Score: 1
  
  It's not a strange case, it's a normal way of doing things. Look for a port called DMZ on your router, or a way of setting it in software. The router forwards incoming connections to the DMZ pc. Advanced routers can also do port forwarding or virtual servers, where you tell it that connections to particular ports should go to particular hosts.
  
  --
  I am trolling
40. Re:NAT by ShieldW0lf · 2005-07-02 07:07 · Score: 1
  
  Your wrong. DHCP is Dynamic Host Configuration Protocol. You only need it if you haven't been assigned a static network configuration by your upstream. If IP addresses weren't a limited resource for no better reason than an obsolete design, there would be much less reason to use DHCP.
  
  The number one reason it is used is to allow an ISP to have more customers than they have IP addresses to assign to them, operating on the assumption that not all of them will be online at the same time. It's also a good for network administrators who don't have very good organizational skills.
  
  --
  -1 Uncomfortable Truth
41. Re:NAT by nxtw · 2005-07-02 07:21 · Score: 1
  
  It's a strange case if configured automatically/by default.
42. Re:NAT by jp10558 · 2005-07-02 08:53 · Score: 1
  
  Maybe looking into something like Hamachi that provides NAT traversal at both ends for VPN?
  
  --
  Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
43. Re:NAT by m50d · 2005-07-02 09:11 · Score: 1
  
  It's what any sane person would want, so why not have it as the default?
  
  --
  I am trolling
44. Re:NAT by nxtw · 2005-07-02 09:29 · Score: 2, Informative
  
  There is no reasonable default forward-all-ports setting. Most people that buy typical consumer NAT routers do so to share Internet access, so the router could assume that one system should have all incoming connections forwarded to it... but there's no way of knowing *which* system to forward to.
  Some people buy these devices as security devices, becasue incoming connections do not go through to their system by default...
45. Re:NAT by SCVirus · 2005-07-02 11:03 · Score: 0
  
  Someone needs to meet Mr. arp spoofer.
46. Re:NAT by swillden · 2005-07-02 12:23 · Score: 1
  
  Why would DHCP disappear? It hands out a lot more than IP addresses.
  
  Yep. And IPv6 stateless autoconfiguration handles all of those other things, too.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
47. Re:NAT by swillden · 2005-07-02 12:26 · Score: 1
  
  You only need it if you haven't been assigned a static network configuration by your upstream.
  
  IPv6 provides an alternative to DHCP. Basically, a machine joining a network only has to figure out what the network address is (which it can do by listening passively for any traffic), and then it can generate its own dynamic IP address, and it will automatically know where to find all of the other common services, including gateways, DNS, time, SMTP, etc.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
48. Re:NAT by asdfghjklqwertyuiop · 2005-07-02 13:39 · Score: 1
  
  My NAT router (Linksys WRT54G) does not accept any incoming connections by default. It has "Firewall" mode turned on by default. If you turn that off, it won't filter incoming connections, but there won't be anything to connect to!
  
  I don't follow why won't there be anything to connect to if you merely disable filtering?
  
  Even Windows XP SP2 does this; the firewall is turned on by default, and if you enable Internet Connection Sharing, the firewall is *still* turned on, blocking all incoming connections.
  
  Ok, yes, the firewall is blocking all incoming connections, not NAT. What's your point?
  
  No matter what you do, except for those strange cases where the router automatically forwards everything to another host, the most anyone from the ouside network can connect to is the router itself.
  
  That's because the *firewall* has been turned on by default on that particular device, that is completely independant of NAT. I can have a firewall without NAT, and I can have NAT without a firewall.
49. Re:NAT by asdfghjklqwertyuiop · 2005-07-02 13:48 · Score: 1
  
  So, you can connect to the sshd on my 10.0.0.31 box that is behind a public IP attached to a NAT'ing device? (No you can't any neither can anyone else without compromising the device performing the NAT'ing.)
  
  Yes, actually I can. What I'd first have to do is figure out your public IP address, then I'd attempt to compromise another machine within one hop of your own. If I do that, I set up a route to 10.0.0.31/32 gatewayed to your public IP address, and voila, I'm in. I don't have to compromise your NAT router at all, I only need to compromise a machine within one hop of it.
  
  A lot of broadband connections nowadays basically put all subsribers in a particular area in one big virtual ethernet... so in cases like that there may be quite a few options for someone to get into your network if you aren't doing filtering along with your NAT.
  
  It causes packets that don't have a port redirection rule, to a private IP/port tuple, on the public interface to be dropped.
  
  No it doesn't, not unless you have filtering rules to do that. All nat does is translate outbound packets, remebers state of connections, and translates certain incoming packets back. All NAT can do is translate or not translate. It doesn't drop or forward.
50. Re:NAT by asdfghjklqwertyuiop · 2005-07-02 13:51 · Score: 1
  
  Which just happens to be one of NAT's advantages... (translating between corporate networks using the same address space)
  
  Great, so now I have to set up NAT to translate all of my peer's addresses to some other unuused RFC1918 addresses.
  
  That is so much simpler and better than just having enough routable space for everyone, isn't it.
51. Re:NAT by nxtw · 2005-07-02 14:03 · Score: 1
  
  I don't follow why won't there be anything to connect to if you merely disable filtering?
  Because the router offers no services by default to the WAN interface.
  
  Ok, yes, the firewall is blocking all incoming connections, not NAT. What's your point?
  
  You said "A NAT router will accept all inward connections by default". I refuted this. Windows XP SP2 is a NAT router that does not accept all inward connections by default.
  
  That's because the *firewall* has been turned on by default on that particular device, that is completely independant of NAT. I can have a firewall without NAT, and I can have NAT without a firewall.
  
  No, no, no! Do you know what you're talking about? Do you correctly understand how NAT works? A NAT router has an internal IP address and an external IP address. Incoming connection attempts on the external IP address are not magically forwarded to clients on the internal network. Unless forwarding is configured, by the end-user, any incoming connection attempts to the external IP won't be forwarded and will reach *only* the router.
52. Re:NAT by techfury90 · 2005-07-02 14:07 · Score: 1
  
  It's what any sane person would want, so why not have it as the default?
  
  Okay so you want it so by default all those hackers can get your average Joe who uses no firewall on their PC? Makes a lot of sense to me.
  
  --
  I'm friends with the youngest daughter of the former head of the PowerPC division of IBM you insensitive clod!
53. Re:NAT by asdfghjklqwertyuiop · 2005-07-02 14:30 · Score: 1
  
  Because the router offers no services by default to the WAN interface.
  
  The router doesn't need to if it is forwarding packets to something that is (which is waht a router does by definition, forwards packets).
  
  You said "A NAT router will accept all inward connections by default". I refuted this. Windows XP SP2 is a NAT router that does not accept all inward connections by default.
  
  Windows XP SP2 is not just a "NAT router". It is a router performing NAT *as well as* filtering. My statement may have been a little ambiguous I admit, but that's what I meant. router+NAT alone, strictly defined, won't filter.
  
  No, no, no! Do you know what you're talking about? Do you correctly understand how NAT works? A NAT router has an internal IP address and an external IP address. Incoming connection attempts on the external IP address are not magically forwarded to clients on the internal network.
  
  Yes, 100% correct. Connections to the public IP on your router won't be forwarded in unless port forwarding (another form of NAT) is set up to send them in. However... to attack your internal machines through this vulnerability I won't be sending packets to your external IP, I'll be sending them to your internal ones. See this post for info on how that might be possible with RFC1918 addresses. If your router is doing basic routing + nat proper only, they'll go straight in.
54. Re:NAT by Anonymous Coward · 2005-07-02 15:28 · Score: 0
  
  A NAT router without special configuration has no way of accepting inward connections.
  
  the point is this: nat maintains a "simpler" state table than a real stateful firewall. say host 192.168.1.1:12345 opens connection to 1.2.3.4:80, nat maps the 192.168.1.1:12345 to 5.6.7.8:54321 and thus has a state that says "anything from 1.2.3.4:80 to 5.6.7.8:54321 gets rewritten to 192.168.1.1:12345 again". and that is _anything_. it doesnt care if the packet is spoofed, has the correct flags, the correct tcp sequence number and so on. these are things a real stateful firewall would check.
55. Re:NAT by SquadBoy · 2005-07-02 15:41 · Score: 1
  
  There is not a single major VPN implementation that can't do NAT traversal by defualt.
  
  Also I have yet to hear a *single* example of a NAT problem that doesn't stem from coders ignoring OSI. The simple fact of the matter is if coders would start doing their jobs right NAT has no problems. But they just can't seem to grok the idea that they need to stay in their layers. And/or are too lazy to figure out how to do stuff right so they break the model adn then say that NAT causes problems.
  
  Granted I'm just a net admin but I *really* do not get it.
  
  --
  
  Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
56. Re:NAT by kaisyain · 2005-07-02 16:42 · Score: 2, Informative
  
  My understanding of IPv6 is that you can use SLAAC to acquire an address (after all it is only called Stateless Address Autoconfiguration) but that you are expected to use DHCPv6 (aka IPv6's stateful autoconfiguration) to get stuff like NTP and SIP servers. A quick glance through the rfc for SLAAC didn't show an obvious way of including that information. Actually it even says to use DHCP to configure information other than the address.
57. Re:NAT by schon · 2005-07-02 16:48 · Score: 1
  
  Most NAT systems include some sort of firewall so it's an easy mistake to make.
  
  There's no such thing as a "NAT system." You don't go and buy a "NAT System", you buy a firewall that does NAT. (Your statement is backwards.)
  
  A firewall filters packets without changing them
  
  No, that's a packet filter.
  
  A firewall is a device that sits on two networks and controls traffic between them. Most modern firewalls do this via packet filtering (so it's an easy mistake to make), but this is not the only way - google "SOCKS proxy" if you're curious about one way; but there are others.
58. Re:NAT by schon · 2005-07-02 17:01 · Score: 1
  
  NAT doesn't have a security aspect.
  
  Bullshit.
  
  If you don't believe NAT has any security benefits, then you must believe that stateful inspection has no security benefits either. (And if you believe that, then you don't know anything about network security.)
  
  If you don't have filter rules to back it up then any traffic can just flow right into your network.
  
  What?!?!?!?!?!?!
  
  Ok, then you've proven that not only do you know nothing about network security, but you don't know anything about networks at all.
  
  By necessity NAT implementations must include a state table; Inbound packets are destined for the *NAT DEVICE*, not for your internal network. If the packets don't correspond to entries in the state table, then they will hit the NAT device, not your network.
59. Re:NAT by hitmark · 2005-07-02 18:26 · Score: 1
  
  ah yes, hamachi. i think i looked at it ones.
  
  it may be fine for simple home and small office use but i would not use it for larger setups.
  
  and then there is the "problem" of having all traffic go via a third party server.
  
  allso, is hamachi doing package signing? if not then i can pull the same with openssh and creating a quick tunnel using a virtual network card ;)
  
  the big deal with nat is that it performs its function by altering the packages going in and out. but to add a extra layer of security the vpn connections they oten make use of signed packages to indicate that the package have not been alterd between the sender and the reciver. with normal nat that cant happen.
  
  --
  comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
60. Re:NAT by FrostedWheat · 2005-07-03 01:03 · Score: 1
  
  Good points. Thanks.
61. Re:NAT by Ruzty · 2005-07-03 02:07 · Score: 1
  
  The problem is the "pass all" rule. If you're destination is an unroutable IP then the traffic will never make it back to your border router as the reply packets will be dumped in the bit bucket. Your case applies only if the target of the NAT has a routable IP.
  
  --
  The Master (Angelo Rossitto) in Mad Max Beyond Thunderdome, "Not shit, energy!"
62. Re:NAT by Ruzty · 2005-07-03 02:29 · Score: 1
  
  You are assuming that the device performing the NAT'ing also has routes from the public IP to the private network and will pass that traffic untranslated. That is a big assumption, especially on a device that is incapable of performing such routing. If the only function of the device is to NAT then you can not pass traffic to the internal side of the network in any manner without matching one of the NAT rules first.
  
  I just tested your theory. I placed a box on the public side of my connection giving it an IP in the same subnet as the public interface. It was directly attached to the same switch and placed in the same VLAN. I made the IP of the NAT device's public interface the second machine's default route. I then tried to pass traffic to any host on the private side network of the NAT device. Snooping both networks on a span port on each switch showed no traffic passing through the NAT device. .(ignore) Allow WAN,* LAN,10.0.0.1 TCP,25 .(because) Allow WAN,* LAN,10.0.0.31 TCP,4000-23 .(slashcode) Allow WAN,* LAN,10.0.0.31 TCP,4000 .(sucks) Allow WAN,* LAN,10.0.0.1 TCP,22 .(big hairy) Allow WAN,* WAN ICMP,8 .(donkey) Allow WAN,* LAN,10.0.0.1 *,53 .(gonads) Allow WAN,* LAN,10.0.0.17 *,6112 .(often) Allow WAN,*:6881-6889 LAN,*:6881-6889
  
  There are 2 routes on this device, one for the 10/8 network on the private interface and the default route on the public interface. IP forwarding is not enabled. Oh, and the public interface uses PPPoE, so compromise anything else on this same segment and try to pass traffic to it without hitting a device that will apply its own routing rules overriding your static route.
  
  Got no firewall, only a NAT device and I'm still quite happy...
  -Rusty
  
  --
  The Master (Angelo Rossitto) in Mad Max Beyond Thunderdome, "Not shit, energy!"
63. Re:NAT by asdfghjklqwertyuiop · 2005-07-03 03:18 · Score: 1
  
  If you don't believe NAT has any security benefits, then you must believe that stateful inspection has no security benefits either. (And if you believe that, then you don't know anything about network security.)
  
  'stateful inspection' is usually a term used to describe firewalls, not NAT. NAT does maintain state of course for its own uses... so disregarding the nitpicking, what stateful inspection are you referring to? That as used by nat, or as used by a firewall?
  
  Ok, then you've proven that not only do you know nothing about network security, but you don't know anything about networks at all.
  
  Why don't you just read the rest of this thread where I've already demonstrated this. Better yet, why don't you *actually try* setting up a machine that does NAT ONLY and see what happens to packets that get sent in to machines on the inside from one on the outside.
  
  By necessity NAT implementations must include a state table;
  
  Yes, that state table is used by NAT for TRANSLATING, not FILTERING...
  
  Inbound packets are destined for the *NAT DEVICE*, not for your internal network.
  
  No, they don't have to be. You have no guarantee that packets coming in to your outside interface HAVE to have a destination address of your routers outside IP. Read the rest of this thread, I explained how elsewhere.
64. Re:NAT by jp10558 · 2005-07-03 03:30 · Score: 1
  
  Traffic doesn't go through a third party server, beyond the initial setup. Also, once released it will allow you as a company to buy the server to do the initial connections too.
  
  --
  Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
65. Re:NAT by asdfghjklqwertyuiop · 2005-07-03 03:42 · Score: 1
  
  You are assuming that the device performing the NAT'ing also has routes from the public IP to the private network and will pass that traffic untranslated.That is a big assumption, especially on a device that is incapable of performing such routing. If the only function of the device is to NAT then you can not pass traffic to the internal side of the network in any manner without matching one of the NAT rules first.
  
  What?! The router HAS to have a route to the lan machines in order for anything to work. That is just a characteristic of any router.
  
  And I don't know what you mean by a route 'from the public IP'. Routes have no such characteristic possibly unless we're talking about policy routing or something like that.
  
  I just tested your theory. I placed a box on the public side of my connection giving it an IP in the same subnet as the public interface. It was directly attached to the same switch and placed in the same VLAN. I made the IP of the NAT device's public interface the second machine's default route. I then tried to pass traffic to any host on the private side network of the NAT device. Snooping both networks on a span port on each switch showed no traffic passing through the NAT device. .(ignore) Allow WAN,* LAN,10.0.0.1 TCP,25 .(because) Allow WAN,* LAN,10.0.0.31 TCP,4000-23 .(slashcode) Allow WAN,* LAN,10.0.0.31 TCP,4000 .(sucks) Allow WAN,* LAN,10.0.0.1 TCP,22 .(big hairy) Allow WAN,* WAN ICMP,8 .(donkey) Allow WAN,* LAN,10.0.0.1 *,53 .(gonads) Allow WAN,* LAN,10.0.0.17 *,6112 .(often) Allow WAN,*:6881-6889 LAN,*:6881-6889
  
  There are 2 routes on this device, one for the 10/8 network on the private interface and the default route on the public interface. IP forwarding is not enabled. Oh, and the public interface uses PPPoE, so compromise anything else on this same segment and try to pass traffic to it without hitting a device that will apply its own routing rules overriding your static route.
  
  What kind of firewall is this? What is it running?
  
  Was the public interface of the router using PPPoE in your test or configured a different way?
  
  Was the outside host using PPPoE or just plain ethernet?
  
  How exactly is the pppoe interface configured? As a point-to-point interface, or does it have a /32 netmask?
66. Re:NAT by m50d · 2005-07-03 04:06 · Score: 1
  
  The first PC connected, or the first IP in the range (likely to be the same thing if the router is a DHCP server), is a reasonable guess for where all ports should be forwarded to. Sure, it might be wrong some of the time, but it's likely to be right. Quite often there's only one PC connected to the thing, then it's obvious where the packets should go.
  
  --
  I am trolling
67. Re:NAT by m50d · 2005-07-03 04:16 · Score: 1
  
  If average joe has opened ports he doesn't need then he deserves what he gets.
  
  --
  I am trolling
68. Re:NAT by nxtw · 2005-07-03 04:21 · Score: 2, Insightful
  
  You *could* do that, but no matter how it's done, it's not a good idea.
  In cases where hosts are already connected when the router is turned on, this means that whatever device requests an IP address first would get connections forwarded to it.
  
  And in cases where there's only one PC connected, that's probably because people are using it as a firewall *because* it does not forward incoming connections. I know a few people that recommend this.
69. Re:NAT by hitmark · 2005-07-03 11:31 · Score: 1
  
  heh, i spotted that mistake about the traffic.
  
  well, im guessing that they are skipping the packet signing part of vpn connection on the basis that there is a third party that verifys both sides.
  
  still, traditional vpn could have problems with vpn. atleast if its deployed on a isp level...
  
  --
  comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Well, IPv6 is nice by Anonymous Coward · 2005-07-01 22:53 · Score: 2, Interesting

Especially "anycasting". But what about SCTP ? Now that would be worth wide support.
Benefits of IPv6 by lw54 · 2005-07-01 23:01 · Score: 5, Informative
IPv6 is a powerful enhancement to IPv4. Its primary features are as follows:
- The larger address space provides new global reachability, flexibility, aggregation, multihoming, autoconfiguration, plug and play, and renumbering. IPv6 increases the IP address size from 32 bits to 128 bits, allowing more support for addressing hierarchical levels, a much greater number of addressable nodes, and simpler autoconfiguration of addresses.
- The simpler, fixed-size header enables better routing efficiency, performance, and forwarding rate scalability.
- The numerous possibilities to transition from IPv4 to IPv6 allow existing capabilities to exist with the added features of IPv6. Various mechanisms are defined for transitioning to IPv6, including dual stack, tunneling, and translation.
- Mobility and security ensures compliance with Mobile IP and IP Security (IPSec) standards.
Page 46, CCNP Self-Study, Paquet Teare
1. Re:Benefits of IPv6 by tomstdenis · 2005-07-01 23:09 · Score: 0
  
  I really wish people would stop quoting more address space as a feature.
  
  First off, have you ever tried to enter an IP over a noisy phone connection? Now try it with eight 4-digit groups!
  
  Not all addresses are going to be ::192.168.0.1 ;-)
  
  Second, Do you have any idea how many dark /8s there are? Do you have any idea how many people have /8s that shouldn't? There is no IP shortage problem for now.
  
  Tom
  
  --
  Someday, I'll have a real sig.
2. Re:Benefits of IPv6 by SlamMan · 2005-07-01 23:21 · Score: 1
  
  No, but there's an ip distribution problem.
  
  Look at it from an economic perspective: You have a limited resource imperfectly distributed. If some people who want/need the resource that can't get it, because its already been distributed, then you have an artificial shortage. While reclaiming and redistributing is a valid option, you should never ignore the option of increasing the amount of your limited resource.
  
  --
  Mod point free since 2001
3. Re:Benefits of IPv6 by lingsb · 2005-07-01 23:34 · Score: 1
  
  I can also imagine that the sparseness of the number of IPv6 addresses that point to hosts will be a security benefit: it will make worm propagation a lot harder.
  
  --
  -BB
4. Re:Benefits of IPv6 by nystire · 2005-07-02 00:38 · Score: 0
  
  Security through obscurity...
5. Re:Benefits of IPv6 by thogard · 2005-07-02 00:52 · Score: 1
  
  IPv6 won't fix the distribution problem. The problem is the limited resource is unique routes in key routers and it comes down to the fact that an core exchange router can't cope with millions of networks that would like to be dual homed. The result is you can only truly dual home if you get your own /19 but most of the groups I know would be happy if they could dual home a /26
6. Re:Benefits of IPv6 by Florian+Weimer · 2005-07-02 00:59 · Score: 4, Informative
  
  Reality is quite different and does not live up to the short-sighted analysis you quoted.
  
  The larger address space is meaningless as long as it's harder to get independently routeable IPv6 prefixes than it is for IPv4. IPv6 headers are not fixed-size, especially in enterprise environments, the extension headers make the IPv6 header variable-length, causing endless headaches with hardware-assisted forwarding. Quality of implementation of the transition mechanism often suck, and they introduce new security issues. IPsec for IPv6 is not widely available, in contrast to IPsec for IPv4 -- even though it is mandated by the RFCs.
  
  Right now, IPv6 cannot deliver any of the new features it promises. It makes a lot of sense not to deploy it at this stage.
7. Re:Benefits of IPv6 by squoozer · 2005-07-02 01:05 · Score: 1
  
  While security through obscurity shouldn't be your only defence it is still a valid defence. Moving a service to an odd port will stop the majority of "passer by" attacks (the equivalent fo someone trying your car door as they walk past). It won't stop any one that is determined but if you have removed the noise it is easier to see the determined little *%*£)".
  
  I think it will probably slow down the current worm attacks but I wouldn't be supprised if we also saw a new breed of worm that used a different method to find hosts.
  
  --
  I used to have a better sig but it broke.
8. Re:Benefits of IPv6 by Anonymous Coward · 2005-07-02 02:07 · Score: 0
  
  IPv6 is a powerful enhancement to IPv4.
  
  Unforunately, it isn't. IPv6 is a powerful alternative to IPv4.
9. Re:Benefits of IPv6 by drsquare · 2005-07-02 03:48 · Score: 2, Insightful
  
  I really wish people would stop quoting more address space as a feature.
  
  Yeah, because actually being able to have an address so people can connect to you over the Internet is a terrible thing... Better to have NAT where the Internet is only one-way, you can't provide anything, just be a mindless consumer of websites. And forget p2p, ftp, and all that crap. Oh and forget about the fact that corporations and universities in America each have as many addresses as the whole of Africa. As long as rich Americans have proper IP addresses, fuck everyone else.
  
  First off, have you ever tried to enter an IP over a noisy phone connection? Now try it with eight 4-digit groups!
  
  What the hell are you talking about? Perhaps you should get a better phone. I see no reason why we should put up with sub-standard Internet just so your tech-support job is slightly more convenient.
  
  Second, Do you have any idea how many dark /8s there are? Do you have any idea how many people have /8s that shouldn't? There is no IP shortage problem for now.
  
  With 128 bits, everyone could have millions of IP addresses. Every household could give every computer its own address, every corporation would have enough to go round. Not having to pay through the nose to ISPs just for single extra IP addresses. No shitty dynamic IP addresses. No shitty NAT. What about the people who have /24s who don't deserve them?
  
  Actually you may have a point. With American corporations/governments in control of the Internet, it will always be fucked up, with all the power and luxuries given to the rich American corporations, and everyone else getting shafted.
  
  There is no IP shortage problem for now.
  
  I take it you have your own IP address?
10. Re:Benefits of IPv6 by Anonymous Coward · 2005-07-02 05:03 · Score: 0
  
  You left out the biggest benefit of the larger address space for many/most businesses: it's much harder for worms to find machines to attack.
11. Re:Benefits of IPv6 by laugau · 2005-07-02 07:55 · Score: 2, Informative
  
  What? Have you even READ the spec? Have you read a book on the subject?
  
  IPv4 has standard headers and then extended headers. IPv6 does not. period. No extentions, exceptions, addendums or substitutions. Header extensions are simply NOT part of the protocol. So guess what? If there is any type of extension, it HAS to occur at the protocol layer.
  
  Likewise, one of the biggest issues is not only routing, but fragmenttation. So if you send a big packet and it goes through a router with a smaller MTU, the router has to fragment it. IPv6 does not allow this. If you send a big packet and a router can't put it over the link, it sends an ICMP too big error back and the packet source must re-package the packet at a smaller size.... Is this more traffic? only for the very first packet, but the cost is realized over time. (Imagine trying to keep track of sequence numbers of the fragmented packet at the point it is fragmented... a real nightmare).
12. Re:Benefits of IPv6 by Florian+Weimer · 2005-07-03 02:03 · Score: 1
  
  What? Have you even READ the spec? Have you read a book on the subject?
  
  The spec (RFC 2460) claims that extension headers are usually not examined by routers. But this claim is false; often you have to examine them in order to locate the transport layer hat (with TCP/UDP/SCTP port information), otherwise packet filters cannot do their task. Same is true for fragmentation. Offloading it to the edges does not offer a real performance benefit, either, because compared to regular packet forwarding, fragmenting the original packet and generating an ICMP response is almost equally costly.
  
  IPv4 faces the same issues, of course. But nobody claims that IPv4 headers are optimized for high-performance routers. (The trouble is that the IPv6 optimizations were extremely short-sighted and concerned only with packet handling by regular CPUs, not the ASIC/real CPU combinations which we have today.)
Likely future events... by Spoing · 2005-07-01 23:05 · Score: 2, Interesting

...all desktops in the US Federal Government will have unique IPs, making it even easier for the bad guys to exploit a machine many layers deep in a network. After all, why secure the routers when your department managers just keep complaining that they can't connect from home?

--
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
1. Re:Likely future events... by Taladar · 2005-07-02 00:18 · Score: 2, Informative
  
  Repeat after me "NAT is not a firewall...NAT is not a firewall"
  
  --
  Linux is not Windows
2. Re:Likely future events... by nystire · 2005-07-02 00:46 · Score: 0
  
  And yet (at least in shops here) home users who ask about routers are being told that it makes them invulnerable to the "nasty people" on the internet :S
3. Re:Likely future events... by Spoing · 2005-07-02 01:00 · Score: 1
  
  Repeat after me "NAT is not a firewall...NAT is not a firewall"
  ...and firewalls aren't the end all to security. (Thus, the sig.)
  
  NAT is a capability of routers. It's not the only capability of routers, nor is it a necessary feature to enable when configuring them. (I'm talking about a full-featured router and other related devices, not a plug-and-go untweaked home model.)
  
  --
  A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
4. Re:Likely future events... by kaisyain · 2005-07-02 06:25 · Score: 1
  
  IPv6 has site local and link local IP addresses. I am sure that is what most organizations would use rather than publicly routable IP addresses for the vast majority of their machines.
5. Re:Likely future events... by Spoing · 2005-07-03 04:50 · Score: 1
  
  IPv6 has site local and link local IP addresses. I am sure that is what most organizations would use rather than publicly routable IP addresses for the vast majority of their machines.
  I've seen 3 sites where a company running the facility uses public IP addresses because of ease of use. The company has a large chunk of IPs from years ago and sees no reason not to use them for all client systems. The company is not well known to the general public, though was spun off from a well known company.
  
  I attempted to change this at one facility first by requesting that the admin look at alternatives. The admin laughed at me. I filed a more formal document and he is not laughing, though I doubt that anything has changed.
  
  When I was there last, the network allowed any system behind the firewall to connect to any other system including a check printing machine that daily prints $1m USD. The facility has been investigated by the FBI and site officials have been fired in the past for lax security and failure to catch breaches of security.
  
  The details of some of this have been published in a regional newspaper, so I am not giving away anything by mentioning this. That said, I feel that it would be improper to disclose the name of the company and the site location(s) because of the remaining details that are not public knowledge.
  
  --
  A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Mac OSX has had great IPv6 for a while (10.2)! by Anonymous Coward · 2005-07-01 23:07 · Score: 5, Informative

Mac OSX has had great IPv6 for a while (10.2)

http://evanjones.ca/macosx-ipv6.html

And the feds moved back their deadline so many times that even 2008 will be pushed back.

Apple even had a demo of ipv6 in OS9 once, and a long while back was big on it.

Most people, who enjoy semi-anon IP addresses from defacto forced reissue taht I know are against IPv6 and see it for all its regretful faults, despite its wonderful goals and alleged benefits.

In an IPv6 world... there will be no more anononymity except at a WiFi cafe lacking video cameras.
1. Re:Mac OSX has had great IPv6 for a while (10.2)! by Armadni+General · 2005-07-01 23:33 · Score: 3, Insightful
  
  The feds are always pushing back deadlines. I'm sure regular readers have seen two or three articles here about the total conversion of all broadcast television from analog to digital signals? It's the same case. They need to get tough on these "deadlines," or else nothing'll get done at any pace faster than that of a snail.
  
  And here shall commence the argument about whether or not anonymity on the Internet is a Good Thing or a Bad Thing.
2. Re:Mac OSX has had great IPv6 for a while (10.2)! by Detritus · 2005-07-02 00:01 · Score: 4, Interesting
  
  Most people, who enjoy semi-anon IP addresses from defacto forced reissue taht I know are against IPv6 and see it for all its regretful faults, despite its wonderful goals and alleged benefits.
  The tin foil hat brigade is on the march, again.
  
  If you want an "anonymous" IP address, there is nothing to prevent you from using a sooper-sekret random number instead of the interface's MAC. See RFC 3041.
  
  --
  Mea navis aericumbens anguillis abundat
3. Re:Mac OSX has had great IPv6 for a while (10.2)! by anthony_dipierro · 2005-07-02 01:12 · Score: 1
  
  In an IPv6 world... there will be no more anononymity except at a WiFi cafe lacking video cameras.
  
  Hmm, I think just the opposite would be true. Now that every person on the planet can have a billion IP addresses, it'll be feasible to use a different IP address every single minute for the rest of your life. Yes, IPv6 makes it possible for even a dialup server to give out static IP addresses to everyone, but it doesn't require it.
  
  This could have a big impact on sites like Slashdot which rely at least in part on the relative scarcity of IP addresses to keep out the trolls. It'll hurt the spam filters which rely on spammers eventually running out of IP addresses. But these are situations in which the technical ability of anonymity is increased (though one could argue that social controls might tighten to compensate - no more anonymous posts on Slashdot for instance).
4. Re:Mac OSX has had great IPv6 for a while (10.2)! by asdfghjklqwertyuiop · 2005-07-02 01:36 · Score: 1
  
  Most people, who enjoy semi-anon IP addresses from defacto forced reissue taht I know are against IPv6 and see it for all its regretful faults, despite its wonderful goals and alleged benefits.
  
  In an IPv6 world... there will be no more anononymity except at a WiFi cafe lacking video cameras.
  
  What are these anonymous IP addresses you speak of? What about IPv6 makes the addresses less anonymous than IPv4?
Situation Normal by Anonymous Coward · 2005-07-01 23:34 · Score: -1, Offtopic

In a tough situation, send it the military to sort it out. They take some casualties, and the large contracting companies make a bundle. (They've been hurting since Y2K went away. Semper-Fiscus.)
Oh its on now! by 0xdeaddead · 2005-07-02 00:00 · Score: 1

1 this is the whole point of software. I know people insist on compiling their stacks to asics, but check this out bub, I can route ipv6 on a 2500. Im sorry but flexibility of IOS trumps any stupid asic. Oh and on the lameness of cisco, yeah they do make some really lame products (*8500*) but have you actually compared CCO vs the others? Give me a break, if anything this tells me that you have never done any *REAL* networking on anything bigger than a 2500 or a 1900. Belive me the cat 6500 with sup3s kill any crappy 3com (you would be tottaly fucking nuts to go back to 3com after they dropped everyone) or foundry.
If you dont belive me, just search the tech support online. Then call TAC.. notice how they have REAL 24x7 support all around the world???

2 Ok now you just said you know NOTHING about applications. Do you have any idea how much NAT has held back application development? Yea that right, what about VOIP, video conferencing?? IM shouldnt need a centeral server, clients should be able to contact eachother, my cellphone should have an ip, hell even my car. Mobile ipv6, and the 2^24 ip address will fix this hands down. Belive me stupid thinking like this has stagnated real app development in the last 10 years. Just ask any CORBA application to nat.

3 What kind of routers are you using? Gee get on the clue train, its 2005, and I can get 512MB dimms for 43$ USD! With the advent of 64bit cpus (cisco loves MIPS, which are 64bit) a router with 512 or a couple of gigs isnt un heard of. Not to mention have you seen any papers on how ipv6 is layed out? Its not ipv4 with /17 split horizon nonsense. This isnt ipv4, and its not 1970!

4 What the hell are you worried about 20bytes for? What are you using dialup?? If so please cancel your AOL account, and go back to watching American Idol. Please for the sake of the internet.
1. Re:Oh its on now! by RouterSlayer · 2005-07-02 03:52 · Score: 1
  
  1) get IPV8, you'll thank me later
  2) try FOUNDRY, they kill cisco any day
  www.foundrynet.com
  
  you'll thank me later ;)
2. Re:Oh its on now! by Anonymous Coward · 2005-07-02 09:15 · Score: 0
  
  1 this is the whole point of software. I know people insist on compiling their stacks to asics, but check this out bub, I can route ipv6 on a 2500.
  
  Yeah, and you can take a coffee break while it's happening, I'll bet.
  
  Cisco 2950 switches we bought two years ago didn't have IPv6 support.
  
  As for their tech support, it's only available 24x7 if you're ready to shovel some serious money in their direction. In fairness, though, their website is pretty helpful.
  
  2 Ok now you just said you know NOTHING about applications. Do you have any idea how much NAT has held back application development?
  
  I'd say not one bit. People who use NAT often use it because they don't want that kind of direct access for all their systems, or don't want to pay for all the added protection they'll need if they do. NAT hides many particulars about my networks that I'd just as soon not reveal to the world at large. It also offers an oppurtunity to insert a firewall or other bastion host where it might not otherwise be wanted by my not-so-networking-aware bosses.
  
  3 What kind of routers are you using? Gee get on the clue train, its 2005, and I can get 512MB dimms for 43$ USD!
  
  Yes, and they don't fit in that 2500 no matter how hard I push. For that matter, a 2500 doesn't seem to use more than 16MBytes of RAM no matter what I put in it. Don't think they'll fit in the 4000, either. Maybe the 3600 will work with enough duct tape and the right incantations.
  
  Point is, to use that memory, you have to spend money somehow, often a lot more than just the $43. The act of spending money itself, not to mention figuring out all the possible gotchas, is, in itself, expensive.
  
  4 What the hell are you worried about 20bytes for? What are you using dialup?? If so please cancel your AOL account, and go back to watching American Idol.
  
  I use dailup. I don't have AOL or watch American Idol. I dropped my cable network provider, because their tech support seemed to be full of jackasses who made various assumptions about who I was (and what my problems were) based on what software/hardware I was using. Probably relatives of yours.
  
  Personally, I don't think I'm the obstacle to a more wide-open Internet. You can have open access if you want, but I'll stick with NAT and related technologies until I see something that offers a gradual, painless transition process and doesn't cost an arm and a leg.
  
  VOIP? I have a phone. It works even when the network's down.
3. Re:Oh its on now! by Charlotte · 2005-07-02 12:48 · Score: 1
  
  1) As for their tech support, it's only available 24x7 if you're ready to shovel some serious money in their direction. In fairness, though, their website is pretty helpful.
  No, you get 24x7 software support automatically on any contract, including smartnet. What you won't get is 2 or 4 hours parts replacement because they need to stock up on parts for those kinds of contracts in order to make delivery promises like that (you know - warehouses containing parts cost $$).
  
  2) NAT hides many particulars about my networks that I'd just as soon not reveal to the world at large. It also offers an oppurtunity to insert a firewall or other bastion host where it might not otherwise be wanted by my not-so-networking-aware bosses.
  
  You're using NAT as a cheap firewall. So do I. That doesn't mean it hasn't slowed down application development. These are separate points. You can open up your firewall, just like you can open your NAT gateway. With a NAT you still don't have your own *real* address on the network. You have to make those cfg changes on the separate NAT device rather than change the host's firewall with a simple button click. You may know how to change a NAT config but most people don't bother...
  
  3) Point is, to use that memory, you have to spend money somehow, often a lot more than just the $43. The act of spending money itself, not to mention figuring out all the possible gotchas, is, in itself, expensive.
  
  There are more things in life that change than IP technologies. Next time you move that 2500 to a different office I'll bet its power supply fails with Cisco refusing to supply a replacement (they've been EOL for how long now?). So you'll automatically buy a 2600 (or whatever it'll be) which will have IPv6. Don't you ever need a new car? Once you do it'll have the new nifty feature in there by default.
  
  4) Personally, I don't think I'm the obstacle to a more wide-open Internet. You can have open access if you want, but I'll stick with NAT and related technologies until I see something that offers a gradual, painless transition process and doesn't cost an arm and a leg.
  
  I don't see a reason why you could be forced into that decision until every dick tom and harry is using IPv6 anyway. Until then ISPs will simply have 2 groups of users. More $$ for network admins, sysadmins and consultants pays my bills :).
4. Re:Oh its on now! by lw54 · 2005-07-02 18:28 · Score: 1
  
  Cisco 2950 switches we bought two years ago didn't have IPv6 support.
  Cisco 2950 switches are a layer 2 device. IP is a layer 3 protocol.. they weren't supposed to support IPv6.
5. Re:Oh its on now! by Anonymous Coward · 2005-07-04 00:43 · Score: 0
  
  So, where do I get an implementation of IPv8? Or even a spec? Google gives nothing, www.ipv8.org just serves adverts.
  Go troll elsewhere.
To guarantee US adoption of IPv6... by haakondahl · 2005-07-02 00:07 · Score: 5, Funny

..Just declare it part of the metric system. Or is that the other way round?

--
Don't trust anyone under thirty.
I beg to differ: NAT can do it, and well too by CdBee · 2005-07-02 00:07 · Score: 2, Insightful

Intelligent use of NAT can get a lot of users into one IP. 9 out of ten surfers only need outgoing-initialed connections (web surfing, email, instant messaging, IP-based broadcasting and legal music download software).

Most surfers are considerably safer behind NAT anyway, as shielding incoming TCP connections on ports 135-139, 445 and 593 kills 9 out of 10 Windows remote exploits stone cold dead. Deploying technologies like uPNP in the ISP routers can negate the inability to accept incoming packets nmany low-grade server style apps (Messenger, VoIP)

In an ideal world yes, every device could be addressed by its own IP address, but in this world I don't want some cracker port-scanning my fridge and getting a backdoor through a butter overflow exploit.

I don't trust any modern operating system enough to run it without a hardware firewall device, and I always keep that (it's a linux-based consumer router) well-patched up to date and with all remote admin functions disabled and locked down.

As a regular fixer of friends PCs, I would love to see ISPs provide the option of fully-NATted connections. I'd recommend them. It'd save me so much time trawling eBay for bargain routers for my friends.

--
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
1. Re:I beg to differ: NAT can do it, and well too by TummyX · 2005-07-02 00:36 · Score: 4, Informative
  
  Intelligent use of NAT can get a lot of users into one IP. 9 out of ten surfers only need outgoing-initialed connections (web surfing, email, instant messaging, IP-based broadcasting and legal music download software).
  
  But if you want to do video conferencing or VOIP then you're screwed unless you go via proxy servers and give up speed and security.
  
  In an ideal world yes, every device could be addressed by its own IP address, but in this world I don't want some cracker port-scanning my fridge and getting a backdoor through a butter overflow exploit.
  
  It doesn't matter whether you use NAT or IPV6 . There's no reason why your fridge ith an IPV6 address should not sit behind your home firewall. At least, when you need to be able to open certain ports (at which point you're vunerable to buffer overflows regardless of the protovcol), you'll be able to do so using router rules rather than port mapping (which can only go so far). In both situations you'll have to buy an additional device -- an IPV6 router/firewall or a NAT based IPV4 router/firewall. There is no reason why an IPV6 router/firewall needs to be configured by default to permit all incoming connections.
2. Re:I beg to differ: NAT can do it, and well too by anthony_dipierro · 2005-07-02 02:27 · Score: 1
  
  But if you want to do video conferencing or VOIP then you're screwed unless you go via proxy servers and give up speed and security.
  
  Actually there are hacks now available which can establish a direct UDP connection between two NATed clients without even using port forwarding. Basically you use a third party to exchange port numbers, and then you both send the initial transaction at the same time. You can even do it with TCP if you exchange some additional information.
  
  And all that assumes you're not using port forwarding. If you use port forwarding, it's even easier.
  
  There's no reason why your fridge ith an IPV6 address should not sit behind your home firewall.
  
  You don't need to have an IPv6 connection to the internet to have an IPv6 home network, though.
3. Re:I beg to differ: NAT can do it, and well too by TummyX · 2005-07-02 02:38 · Score: 1
  
  Actually there are hacks now available which can establish a direct UDP connection between two NATed clients without even using port forwarding. Basically you use a third party to exchange port numbers, and then you both send the initial transaction at the same time. You can even do it with TCP if you exchange some additional information.
  
  Sounds interesting. I can't find any information on this ...have you got a link? It sounds like a security flaw unless you're talking about using UPNP to automatically forward ports.
  
  You don't need to have an IPv6 connection to the internet to have an IPv6 home network, though.
  
  I never said otherwise. The grandparent was worried about his fridge being hacked and I assumed he meant that it was attached to the internet.
4. Re:I beg to differ: NAT can do it, and well too by TummyX · 2005-07-02 02:40 · Score: 1
  
  Never mind, found the RFC on STUN.
5. Re:I beg to differ: NAT can do it, and well too by TummyX · 2005-07-02 02:46 · Score: 1
  
  STUN doesn't work between users if they both are using NAT. It's not the solution I was think you were talking about. A link would be helpful after all :)
6. Re:I beg to differ: NAT can do it, and well too by anthony_dipierro · 2005-07-02 02:55 · Score: 1
  
  one link here, but there are a lot of others. Basically, most NAT routers allow incoming UDP packets to ports which have recently sent outgoing UDP packets. This is usually how DNS requests work through NAT, for instance. So if I send a UDP packet from port 6744 to you on port 6755, and you send me a UDP packet at the same time from port 6755 to port 6744, then both NAT devices will think that the incoming packet is a reply, and will establish the connection. In order to do it with TCP it's much more difficult. You have to align sequence numbers, you have to have access to raw IP packets, and off the top of my head you probably have to send fake SYN/FIN packets to trick the NAT machine. From what I've read it is possible though, and when I read the description it made sense.
  
  It sounds like a security flaw unless you're talking about using UPNP to automatically forward ports.
  
  Well, NAT wasn't designed for security. People just use it that way, in most cases inappropriately. However, this particular attack does require active participation by both ends of the connection.
7. Re:I beg to differ: NAT can do it, and well too by drsquare · 2005-07-02 04:07 · Score: 1
  
  Intelligent use of NAT can get a lot of users into one IP
  
  Why do that when you can have more IP addresses? Can you give me a SINGLE REASON why the maximum bits that are given for an IP address are 32? Come on, one reason. Why not 64? Why not 128? Is your bandwidth that small?
  
  Why put 20 people into a 5-peron car when you can have 4 cars instead?
  
  9 out of ten surfers only need outgoing-initialed connections (web surfing, email, instant messaging, IP-based broadcasting and legal music download software).
  
  Of course, you yourself don't do that. You want to your own IP address, a full connection, but everyone else can fuck off behind NAT.
  
  Well, fuck you. If you can get a full connection, then so can everyone else. If we have to go behind NAT, then so can you. If we can't have any static addresses, then neither can you. You're not special.
  
  The Internet should not be held back just because the priveledged don't want to extend those priviledges to the rest of us.
  
  Security wise, there's nothing NAT can't do that a properly-configured operating system can't do.
8. Re:I beg to differ: NAT can do it, and well too by CdBee · 2005-07-02 04:38 · Score: 1
  
  Thank Christ, finally someone who "gets" it
  
  --
  I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
9. Re:I beg to differ: NAT can do it, and well too by m50d · 2005-07-02 06:52 · Score: 2, Insightful
  
  Web surfing is only possible if people run web servers. Internet radio is only possible if people run streaming servers. The fact that ordinary users can do these things is what makes the web what it is rather than being controlled by big media conglomerates like most other media. I don't want to see it ending.
  The solution to that is to disable the services running on those ports. It will have the same effect. uPNP shouldn't be necessary.
  
  Why does your fridge have open ports unless you want to use them? If you want to use them, why do you want them hidden behind nat?
  
  I trust my linux box in the DMZ on my router. I keep it fairly up to date, within a week say. The ports I have open are open because I want them to be open, if I wasn't in the DMZ I'd just port forward them anyway. The only thing I'm any more vulnerable to is a tcp stack flaw.
  
  I think such ISPs exist. They don't advertise the connection being nat because it's a bad thing. I am continually amazed by how many otherwise intelligent people have fallen for this "you need to be behind a router" crap. If you need a router, you're a complete idiot or running an OS written by one.
  
  --
  I am trolling
If what I've heard is correct.... by TwoTailedFox · 2005-07-02 00:14 · Score: 0

.... You can kiss goodbye tor reliable IPv6 IP Address tracing, that you can do with IPv4.

--
~The TwoTailedFox posts again....
NAT-PT for linux by tolonuga · 2005-07-02 00:52 · Score: 2, Interesting

Is there any nat-pt solution for linux?
I don't think anyone wants go through the
pain of double stacks. So to run a ipv6
only network, and connect it with both
v4 and v6, you would need a v6tov4 nat
device (nat-pt). I haven't seen anyone
offering that, at least no linux based solution
(some *bsd might be able to do that, not sure).
Missing improvements by Peaker · 2005-07-02 01:03 · Score: 5, Interesting

IPv6, to me, was a bit of a disappointment because it lacks two features that I find important:

A) A protocol between the ordinary level2 and IP(level3) (Could be named layer 2.5) that takes care of error-corrections via retransmissions. Not replacing TCP's error-correcting retransmissions, but in addition to those. The reason is that most lost packets are lost packets on a single link because of load issues and such, and not because a whole link falls and breaks a route. In those cases, it is very inefficient to retransmit the whole route, and to add a huge latency-overhead to the packet transmission.

B) Get rid of the silly "port" concept. Ports are just internal-computer addresses, and as such, should simply be part of the address itself. There should be no reason to distinguish between the network address and the host address and thus subnets were created, and that separation no longer exists. Just the same, there should be no reason to distinguish between net/host address an application addresses. Removing the "port" concept and placing it as part of the IP address itself has the following benefits:
I) UDP becomes redundant to IP itself, the whole protocol is about adding the port address and can be discarded.
II) DNS entries can point to applications and not hosts. This would allow www.server.com and www2.server.com to point to different webservers in the same computer. This would allow to discard the "virtual web hosts" feature. It would also allow to support multiple servers of any type (ftp, smtp, etc) on any host, all pointed by dns, without messing with the port supplied to the user.
III) An internal network can route the same application address to any host it chooses, easing the distribution of load. It would also not expose to the external world how applications are served on which hosts.

Anyhow, I look forward to seeing those features in IPv7.
1. Re:Missing improvements by Anonymous Coward · 2005-07-02 01:26 · Score: 0
  
  that will be fully deployed around 2357. they can't even handle this switch.
2. Re:Missing improvements by pe1chl · 2005-07-02 01:51 · Score: 2, Interesting
  
  Point A should be handled by the link layer at level 2. Any level 2 protocol can decide to have retransmissions, forward error correction, or whatever method it deems necessary to ensure reliable transmission of frames that hold IP packets. As the issues are usually quite specific to the actual link protocol in use, it does not seem to be necessary to have a standard retransmission protocol on top of that.
  
  However, with B you certainly have a valid point!
  How inconvenient it is that you cannot set an MX record to another port than 25... or tell the requester that www2.example.com is on port 8080.
  That could be fixed in DNS, of course (and it is fixed by the SRV extension to DNS which only Microsoft seems to have taken up).
  
  Of course your method will require a modification to DNS anyway because you want to lookup name+service pairs in DNS now (you want to get different adresses returned for domain.tld when asked for WWW service than when asked for FTP service, for example).
3. Re:Missing improvements by df4b943c678dae · 2005-07-02 02:02 · Score: 3, Informative
  
  Your assuming that the 'port' concept is universal to all protocols above the IP layer. There is much more than just TCP and UDP traffic flying around. http://www.iana.org/assignments/protocol-numbers/
4. Re:Missing improvements by Anonymous Coward · 2005-07-02 02:26 · Score: 5, Insightful
  
  Not trying to be harsh. But the missing improvements are outside the IP scope and functions. Just for your information:
  
  A) Look for MPLS and its future succesor GMPLS.
  B) The port concept is a TCP/UDP layer issue, not an IP issue. You can use lots of IPv6 addresses for the same device (IPv6 permits explicitly that) and just one port if that is what you prefer. I personally don't see the improvement. IP addresses are assigned to devices (in the IPv6 paradigm), ports are assigned to application uses. I personally beleive it is much straightforward this arrangement that an IP derived solution. At least now, you now port 80 means (at least should) web access.
5. Re:Missing improvements by pe1chl · 2005-07-02 02:35 · Score: 1
  
  Quite some protocols that run directly above the IP layer later got "over UDP" variants to solve NAT problems.
  Having a larger address and using it with all protocols, instead of using the port concept only with certain protocols, would have been better.
6. Re:Missing improvements by pe1chl · 2005-07-02 02:39 · Score: 1
  
  By using a separate address for each application, instead of a portnumber, you can address applications without having to worry about hardcoded or default portnumbers at the other side.
  Anyone who ever wanted to run multiple copies of the same service on the same machine, or wanted to move applications that were once on the same machine to different machines, knows the advantage of that.
7. Re:Missing improvements by Junta · 2005-07-02 04:46 · Score: 1
  
  But his point is that is a not so common need, and that you can already have multiple IPv6 addresses to a host (hell, even with IPv4) you can do it. It doesn't make sense to eat up huge amounts of address space for the sake of an uncommon need that already has a solution. On the other hand, every host is on a network, and every reasonable network has multiple hosts, so the address specifying both makes sense, as it is used 100% of the time.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
8. Re:Missing improvements by Urgoll · 2005-07-02 06:50 · Score: 1
  
  The reason why 'A' is a bad idea can be found in the paper 'End to End Arguments in System Design' [1]. But basically, adding an additional layer would increase latency for ALL packets (because of the additional checks), to optimize for a relatively rare occurence. As for 'B', addresses are layer 3 while ports are layer 4. You can already decide not to use ports and do data transfers over raw IP (this is how ping is usually implemented). However, the concept of port simplifies a lot the code of daemons. A daemon can bind on a specific port for all addresses to listen on all network interfaces of a server. Doing the same with your scheme would mean either: - the application needs to listen on multiple sockets (more complicated); or - the 'well known address' is applied to a virtual interface, the server therefore needs to internaly route packets and needs to advertise a route to its internal network - more work for the routers. So, it'd be a lose-lose proposition.
9. Re:Missing improvements by Spy+Hunter · 2005-07-02 07:25 · Score: 2, Insightful
  
  It's not necessary or desirable to have retransmission at the IP level. Firstly, it would put a humongous burden on routers because they would have to keep packets in memory after they have been sent, in case they need to be retransmitted. This would only make "load issues" worse and result in *more* packets being dropped, not less. Secondly, the correct response to packet loss on a link is to route around the link, not to retransmit over the link and produce more congestion. Routing around the link will not only reduce current packet loss but reduce future loss as well by evening out the load. This makes any packet loss due to congestion temporary, unless there is one link that can't be routed around (a bottleneck). In this case, retransmitting still can't help you because there simply isn't enough bandwidth to satisfy user demands. Some packets will be eventually dropped *no matter what*, and the only solution is to add more bandwidth.
  As long as packet loss is temporary, then handling it at the TCP level is just fine. Yes, it occasionally introduces latency due to retransmission but it is worth it to keep the network simple. A simple network is more robust and more predictable, with cheaper hardware. Cheaper hardware means more hardware and more bandwidth, which then reduces latency and packet loss overall. This is the correct solution to packet loss problems.
  
  Also, a big reason the Internet is as reliable as it is today is due to its inherent *unreliability*. It's a "worse is better" philosophy. When failures are an everyday occurrance, your failure-handling must be robust. This paradoxically makes the system as a whole more reliable. The Internet is the epitome of this philosophy. Packet loss is a natural and healthy thing for the Internet.
  
  --
  main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
10. Re:Missing improvements by Peaker · 2005-07-02 07:47 · Score: 1
  
  It's not necessary or desirable to have retransmission at the IP level. Firstly, it would put a humongous burden on routers because they would have to keep packets in memory after they have been sent, in case they need to be retransmitted. This would only make "load issues" worse and result in *more* packets being dropped, not less. Secondly, the correct response to packet loss on a link is to route around the link, not to retransmit over the link and produce more congestion. Routing around the link will not only reduce current packet loss but reduce future loss as well by evening out the load. This makes any packet loss due to congestion temporary, unless there is one link that can't be routed around (a bottleneck). In this case, retransmitting still can't help you because there simply isn't enough bandwidth to satisfy user demands. Some packets will be eventually dropped *no matter what*, and the only solution is to add more bandwidth.
  
  The memory required in order to retransmit packets over a single link to a neighbor is negligible, because the latency of a single link is very small (compared to a whole route) and thus ack's arrive very fast (amount of unacked data is very small). If they don't, then retransmission can occur instantly. Transmission control can propagate to neighbours when the load is too high on the links.
  The latency added for packets that check out fine should also be negligble because checksum'ing in hardware is very fast.
  
  I agree that TCP must be able to handle packet loss as well, its just that when it is the only entity that does, you get two problems:
  A. Inefficiency, re-routing through whole routes when packets are lost.
  B. Huge latency payments for every lost packet.
  
  The latency payment when the link retransmits is just a single link's latency multipled by 2 at worst (rather than the latency of the whole route + route-size-unknown-factor).
11. Re:Missing improvements by Spy+Hunter · 2005-07-02 08:13 · Score: 1
  
  If you're only talking about retransmission at the level of a single link, then that's not a part of IP, and it shouldn't be. Instead it is an optional part of link-layer protocols that IP has nothing to do with. I don't see your point.
  
  --
  main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
12. Re:Missing improvements by Peaker · 2005-07-02 08:14 · Score: 1
  
  Ports are layer 4 because that's where they put them, not because of any inherent feature. Ports are logically just part of the entity's address you're talking to.
  
  Doing data transfers over raw IP talks with a host, and not an entity within a host. I am proposing having addressing of entities inside hosts be part of the IP address itself.
  
  In my case, a daemon would still listen via a single socket. Instead of binding the socket to a certain (address,port) pair, it would bind it to an address alone, so the daemons would actually be simpler. Each server would "internally route packets" just like it does with ports, only using the low address bits of the IP address itself.
  
  What I am proposing is very similar to what exists today, only with less concepts. Simply think about it as moving the bits that currently represent the port into the IP itself, and you can get rid of UDP altogether and still talk with specific entities _in_ hosts, rather than just hosts. Also, you can simplify TCP as ports become implemented by the IP layer itself.
  
  This leads to more powerful DNS, simply because it is more logical to not divide the address into several different concepts. And port is part of the address.
  
  A win-win proposition :)
13. Re:Missing improvements by demon · 2005-07-02 08:45 · Score: 1
  
  Or we could just make broader, better use of SRV records, and not have to do something like what you're talking about. I also agree with the grandparent that it'll still be a lot easier for services that listen on multiple interfaces or all interfaces (INADDR_ANY/IN6ADDR_ANY, in IPv4/IPv6 parlance) than what you're talking about. I think having the separation between addresses and ports (which doesn't just exist in IP - it exists in AppleTalk, and IPX and DECNet and other protocols as well, I believe) made, makes and will continue to make sense.
  
  --
  
  Sam: "That was needlessly cryptic."
  Max: "I'd be peeing my pants if I wore any!"
14. Re:Missing improvements by Peaker · 2005-07-02 10:24 · Score: 1
  
  Right now it is optional. I want it mandatory (by including it in TCP/IP for example), so that one can rely on the low latencies it would achieve, and to increase efficiency.
15. Re:Missing improvements by Lost+Race · 2005-07-02 13:03 · Score: 1
  
  If you get rid of ports then you can't use the same hostname (or address) for multiple services. That is, if you want to SSH to an FTP server, you can't use its primary address or hostname. So we'd end up with ftp.box1.mydomain and ssh.box1.mydomain and dns.box1.mydomain and ntp.box1.mydomain, and so on. You'd end up having to type more, not less, to connect to any particular machine that hosts multiple services (which includes almost every machine). I believe that in practice this would be very cumbersome and difficult to manage.
  As others have mentioned it's already trivial to assign multiple addresses to a single host (and cheap in IPV6) so that's a much better solution to the problem.
16. Re:Missing improvements by Peaker · 2005-07-04 04:42 · Score: 1
  
  You could still enjoy the "default port" feature by having a host suffix address of zeros, that is replaced by a standard address of a service.
  
  For example, a full entity address can be used or given in DNS addressing a specific application as I said, or a partial address (host address) can be used, in which case the suffix of zeros is replaced with a specific entity.
  
  This is also cool because it allows having a default ssh box of any arbitrary subnet, not just a specific host.
  
  So in fact, instead of typing:
  
  ssh -C shells.sourceforge.net
  
  You would type:
  
  ssh -C sourceforge.net
  
  And the sourceforge.net address, which addresses a whole subnet, would have its lower part of the address replaced by a default string naming ssh that addresses a specific entity in a specific host.
  If the DNS so desires, though, it still has the power to fill those zeros with actual values.
  
  This combines the advantages of both worlds, with some new ones.
17. Re:Missing improvements by Spy+Hunter · 2005-07-04 20:09 · Score: 1
  
  It would not achieve lower latencies unless there was packet loss. But the reasons for packet loss on today's Internet cannot be fixed by your scheme. The vast majority of packet loss is caused by bandwidth bottlenecks, not by transmission errors. Your scheme cannot help in this situation.
  Consider a set of routers routing packets through a bottleneck. When their buffers are full, they drop incoming traffic. Without your scheme, that traffic is simply lost and must be retransmitted. This doubles the latency on some packets, but no packet sits in a buffer for very long so all packets which actually arrive are delivered with low latency. With your scheme, routers send back NACKs when they drop a packet and the sending router retransmits. No packets are dropped inside the network (instead they are NACK'd at the outside when buffers are full), but packets spend longer in router buffers (waiting for the next router in line to make space in its buffer) so the average latency for packets which actually arrive increases. There is no free lunch here.
  
  Mandating a certain approach at the IP level is misguided. Let it be decided at the transport layer where the decision belongs. On some networks, packet corruption/loss may be common and retransmission is necessary for decent performance. For example, wireless network protocol actually do implement extensive retransmission features. On some other types of networks, corruption is practically unheard of and so retransmission provides no benefit.
  
  --
  main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
18. Re:Missing improvements by Peaker · 2005-07-06 09:05 · Score: 1
  
  Consider a set of routers routing packets through a bottleneck. When their buffers are full, they drop incoming traffic. Without your scheme, that traffic is simply lost and must be retransmitted. This doubles the latency on some packets, but no packet sits in a buffer for very long so all packets which actually arrive are delivered with low latency. With your scheme, routers send back NACKs when they drop a packet and the sending router retransmits. No packets are dropped inside the network (instead they are NACK'd at the outside when buffers are full), but packets spend longer in router buffers (waiting for the next router in line to make space in its buffer) so the average latency for packets which actually arrive increases. There is no free lunch here.
  
  This is simply wrong:
  
  You only wait until the next hop has room for your packet in the buffer, this is typically a no-wait operation (0 time). When it is not, the alternative (in current IP, is losing the packet and doubling or tripling its latency).
  
  The periods of wait are not long unless the next link's bandwidth cannot keep up with the previous, in which case simple transmission control should help and without it you are very screwed anyways.
  
  Mandating a certain approach at the IP level is misguided. Let it be decided at the transport layer where the decision belongs.
  
  This is not really an argument, it is your conclusion re-stated.
  
  On some networks, packet corruption/loss may be common and retransmission is necessary for decent performance. For example, wireless network protocol actually do implement extensive retransmission features. On some other types of networks, corruption is practically unheard of and so retransmission provides no benefit.
  
  When there is no packet loss, the small buffer size is limited by the bandwidth of the link multiplied by its latency, which is a very small number for a single link (because a single link typically has very low latencies). So the payment is negligible.
  
  When the payment is large - the alternative is worse.
19. Re:Missing improvements by Spy+Hunter · 2005-07-06 12:40 · Score: 1
  
  The periods of wait are not long unless the next link's bandwidth cannot keep up with the previous
  Did you miss the part where I stated that was the exact situation I was talking about? That's the very definition of a bottleneck. And did you also miss the part where I noted that bottlenecks are the cause of almost all packet loss on today's Internet? (I am interested in what you think causes most packet loss, if not bottlenecks. It's certainly not transmission errors.) Since your scheme only helps when packet loss is not caused by bottlenecks, and almost all packet loss *is* caused by bottlenecks, it cannot noticably reduce latencies on today's Internet.
  
  --
  main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
It will when major ISPs start supporting it by js3 · 2005-07-02 01:08 · Score: 2, Insightful

The #1 reason the private sector isn't picking is up is the vast majority of the big isps don't offer it, as long as they remain on ipv4, ipv6 isn't going anywhere fast.

--
did you forget to take your meds?
1. Re:It will when major ISPs start supporting it by anthony_dipierro · 2005-07-02 01:33 · Score: 2, Insightful
  
  And the major reason the vast majority of the big isps don't offer it is because there is no demand for it. Anyone offering a useful service on the web can afford a few bucks a month for a static IPv4 address, and I don't see that fact going away, ever. So what do you get by going with IPv6? AFAICT, nothing but incompatibility problems.
  
  IPv6 would have been better than IPv4, if we were building the internet from scratch. But Beta is better than VHS too, and I don't know very many people with Beta cassette players.
2. Re:It will when major ISPs start supporting it by novakreo · 2005-07-02 02:41 · Score: 1
  
  But Beta is better than VHS too, and I don't know very many people with Beta cassette players.
  
  Except that it's not. VHS had a longer capacity than Beta, and for most people being able to record more on a single tape was more important than a marginal difference in quality.
  
  --
  O frabjous day! Callooh! Callay!
3. Re:It will when major ISPs start supporting it by IdahoEv · 2005-07-02 04:46 · Score: 1
  
  But Beta is better than VHS too, and I don't know very many people with Beta cassette players.
  
  So, so, tired of this urban myth.
  
  Beta lost a fair fight in the marketplace, and it deserved to. Yes, beta produced higher quality recordings and images. But it was more expensive, and the quality difference was not visible on consumer televesions of the time. Repeat, consumer TVs were not high enough quality to see the difference between Beta and VHS. So why would a consumer buy a more expensive device that gives them no benefit? They didn't, and it lost in the marketplace.
  
  Studios and editing houses had higher-quality monitors, and so Beta made sense for them. And in such places, Beta lived on for many years.
  
  Beta lost fair and square because it didn't deliver a benefit commensurate to its' price.
  
  --
  I stole this sig from someone cleverer than me.
4. Re:It will when major ISPs start supporting it by anthony_dipierro · 2005-07-02 05:02 · Score: 1
  
  Yes, beta produced higher quality recordings and images. But it was more expensive, and the quality difference was not visible on consumer televesions of the time. Repeat, consumer TVs were not high enough quality to see the difference between Beta and VHS.
  
  And four billion IPs were plenty when IPv4 came out.
  
  Maybe Beta's advantages weren't very useful in the short term, but that doesn't mean the analogy was without merit.
  
  Beta lost fair and square because it didn't deliver a benefit commensurate to its' price.
  
  And IPv6 will never become a widely used technology for exactly the same reason.
Bring on the Vultures by Gothmolly · 2005-07-02 01:13 · Score: 3, Insightful

I've seen this sort of first thing first-hand. Here's how it goes down:

Consultant: Hey, buddy o'mine in the White House Budget office, lets do lunch.
WhiteHouse: OK
Consultant: You know, if you dont use IPv6, you're obsolete.
WhiteHouse: Really?
Consultant: Yep. You wouldn't want the (Commies|Al-Qaeda|Chinese|French) to be ahead of us, would you?
WhiteHouse: Hell no!
Consultant: Nobody is going to deploy IPv6 w/o a reason. It's hard to do.
WhiteHouse: Hmm, we need to do this, its a matter of Homeland Suck-your-ity. Can you help?
Consultant: Why sure, but you should make sure that only me and a few others are approved for this gig, you wouldn't want any incompatibilities, would you?
WhiteHouse: Damn straight, I think I'll have another Scotch.
Consultant: Go ahead, its on me. *evil cackle*

--
I want to delete my account but Slashdot doesn't allow it.
For those of wou who want to check by Anonymous Coward · 2005-07-02 01:25 · Score: 1, Informative

that their ipv6 installation is working

http://www.whatismyipv6.net/
DDOS Attacks by Error629 · 2005-07-02 01:57 · Score: 1

Will they still be possible? Will this be the end of the script kiddies fun?

--
_________
The world doesn't just disappear when you close your eyes, does it?
1. Re:DDOS Attacks by GigsVT · 2005-07-02 04:44 · Score: 1
  
  DDOS will be even easier. So will spamming. 64 bits is a big address space to hide in.
  
  --
  I've had enough abrasive sigs. Kittens are cute and fuzzy.
Rules of /. ?!? by Anonymous Coward · 2005-07-02 02:32 · Score: 0

That's funny - this exact article was rejected, when I attempted to post it, while it was still "hot", a few days ago ... but, of course, it couldn't have been accepted, coming from Nanog mailing list professional subscribers ;)
This is good news for Contractors by Zugot · 2005-07-02 02:34 · Score: 3, Insightful

If you are a network engineer type, and you want to make some money, this is maybe some very good news. Most government agencies contract out this type of work. And I know there is a severe shortage of good network types out there who can grok ipv6. I am actually glad about this. It is kinda like Y2K all over again.

--
-- Bryan
This will mimic the "success" of the OSI model ;) by papaia · 2005-07-02 02:37 · Score: 1

I remember the "successful" deployment of the OSI model, after another, similar directive from the government, in the '80s ...

--
== With enough Will Power, one could move mountains. With enough Brains, one would just leave them where they are ==
Windows 95 by cazbar · 2005-07-02 03:19 · Score: 2, Funny

Looks like they're finally gonna have to upgrade all those Windows 95 computers.
everyone need to get IPV8 ! by RouterSlayer · 2005-07-02 03:44 · Score: 0, Troll

omfg! people, get a clue!

go with IPV8 already!
sheesh... ipv6 has been dead for years!

you can try www.ipv8.org or do a google search.
1. Re:everyone need to get IPV8 ! by superpulpsicle · 2005-07-03 06:06 · Score: 1
  
  According to http://en.wikipedia.org/wiki/IPv9 China is already working on IPv9? I don't even know who to believe anymore. Why not just wait till IPv100 at this rate.
Ipv6 sucks! get IPv8! by RouterSlayer · 2005-07-02 03:47 · Score: 1

oh ocme on ipv6 sucks rocks.
go check out ipv8 already and be done with it
1. Re:Ipv6 sucks! get IPv8! by farnz · 2005-07-04 00:43 · Score: 1
  
  So, where do I get an implementation of IPv8? Or even a spec? Google gives nothing, www.ipv8.org just serves adverts - I'd guess that you own the ipv8.org domain, and are trying to make a quick buck from ignorant slashdotters.
  
  --
  I appear to have a blog. Odd.
I BEG TO DIFFER: YOUR COCK IS THE SIZE OF A GNAT by eh0d+is+my+daddy · 2005-07-02 03:53 · Score: -1

fuck you cdbee!!!

--
eh0d is EVERYBODYS daddy now. TekMonkey (649444): Can a moderator or admin ban this guy? Just look at his record.
Another one is http://www.kame.net by anti-NAT · 2005-07-02 03:54 · Score: 1

You get a swimming turtle if you are IPv6 connected.

--
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 04:00 · Score: 4, Insightful

Both IPv4 and IPv6 were designed to be implementable as software protocols. They were also smart enough to implement a version flag in the protocol. There is nothing at all stopping you from installing dual IP stacks on all of your computers, giving each interface an IPv4 and one IPv6 adress, and use both of them interchangably.
What is stopping the implementation of IPv6 are those pesky legacy devices, legacy operating systems (ie Windows) and legacy hardware accelerated routers, and the fact the Internet being as big as it is - it's basically impossible to do a clean switchover, and there ARE problems when combining the two systems - even though you can have both on the same network, they won't be interoperable (=really bad).

Of course IPv6 has been designed to work around these issues as well as possible, but there will be issues eg getting a IPv4 machine to connect to a IPv6 one. And NAT has been the easier-to-implement short-term-solution for home 'puters etc...

--
I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
1. Re:You CAN have IPv4 and IPv6 on the same network. by OnlineAlias · 2005-07-02 04:54 · Score: 1
  
  You know you are talking to some young people when Windows is considered a legacy OS. I can see no compelling reason to delegate that the government use IPV6, just seems like more expense, more specalized hardware, more specialized people to implement...and no payoff whatsoever. Who's the brainiac that thought this up?
2. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 05:13 · Score: 1
  
  At least I'm old enough to have used operating systems that are more or less out of fashion today (ie MS-DOS), but still, I would agree, I'm pretty young (23).
  I didn't mean "legacy" as in "almost-extinct" though (I wish!). I meant it as in "doesn't support nice new feature". As far as I know, all other OSes with any importance at all (Mac OS X, *BSD, Linux) can be had with IPv6 support. Windows not so, at least not without 3rd party software as far as I know (speaking desktops here - ie XP). Ie legacy software (pun not intended although IE is becoming legacy too because of lacking development leading to bad standards support).
  
  And btw, I never talked about the government having to be first. I didn't say anything at all about who should be first, I was only discussing technical issues...
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
3. Re:You CAN have IPv4 and IPv6 on the same network. by kneeless · 2005-07-02 05:17 · Score: 1
  
  I'm usually the last person I'd expect doing this, but Windows XP has pretty good IPv6 support.
  
  --
  Bran muffins and whiskey.
4. Re:You CAN have IPv4 and IPv6 on the same network. by OnlineAlias · 2005-07-02 05:26 · Score: 1
  
  Ok ok..but I still can't see any payoff. What is the advantage of going to IPV6? Where is the return on investment?
5. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 05:33 · Score: 1
  
  Ok, do believe you, would you mind telling me where I find the control panel for it?
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
6. Re:You CAN have IPv4 and IPv6 on the same network. by OnlineAlias · 2005-07-02 05:50 · Score: 1
  
  network/properties/install/protocol/Microsoft IP Version 6
7. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 05:59 · Score: 1
  
  So then it's not installed by default? At least Mac OS X comes with in the default install, and well, with Linux, it's different from distribution to distribution, don't know about the *BSDs.
  If it really was well-supported, shouldn't it be installed by default then?
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
8. Re:You CAN have IPv4 and IPv6 on the same network. by OnlineAlias · 2005-07-02 06:11 · Score: 1
  
  That is flawed logic. I wouldn't want Microsoft to install it by default, as 99.9% of installs won't need it and it will do nothing but consume bandwidth. That would mean I would have to go remove it by default. Has nothing to do with if it is "well supported" or not...
9. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 06:18 · Score: 1
  
  It wouldn't consume any bandwidth unless you use it. By your own logic, 99,9% of the user wouldn't know it's there.
  You DO have a point though. We've seen M$ fuck things up with having them installed as default before...
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
10. Re:You CAN have IPv4 and IPv6 on the same network. by freakmn · 2005-07-02 06:41 · Score: 4, Informative
  
  Actually, you can get the IPv6 stack directly from Microsoft, so it isn't 3rd party software. For Windows XP, it shows up in the list of available protocols to install for your network. It's not the default, but not any harder to install than IPX/SPX. With Windows 2000, they don't make it easy, you have to search for it on their site, but it's there.
  
  IPv6 Preview for Windows 2000
  Advanced Networking Pack for Windows XP
  FAQ About the IPv6 Protocol for Windows XP
  
  --
  warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
11. Re:You CAN have IPv4 and IPv6 on the same network. by revmoo · 2005-07-02 06:53 · Score: 1
  
  You don't really know what you're talking about...
  
  C:\Documents and Settings\Brian>ipv6 install
  Installing...
  Succeeded.
  
  --
  I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
12. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 06:57 · Score: 1
  
  Obviously I don't. :) I'm too used to having useful stuff being installed by default with the OS on my iBook. :)
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
13. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 07:01 · Score: 1
  
  Thanks for the informative info. Still I would say, it isn't really "well supported" - if it was, I would expect my dad or sisters be able to set it up (and they're definately not on /.), and installing stuff is way above what they know - at least if it's not a "usual program". Making settings kinda is the border, and that wouldn't really be necessary with autodefined IP-adresses (DHCP or part of IPv6)...
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
14. Re:You CAN have IPv4 and IPv6 on the same network. by freakmn · 2005-07-02 07:13 · Score: 1
  
  I agree that it's not easy to set up. That's one of the reasons I said that it wasn't any harder than setting up IPX/SPX. It's not something I would expect any layperson to be able to do without step-by-step instructions, but it's still available for those of us who might know how to work it. If IPv4 wasn't set up to use DHCP by default, most people wouldn't be able to set it up. The technology is there, it's just that it's not being used.
  
  --
  warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
15. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 07:21 · Score: 1
  
  And that's basically my point. I don't call that "well-supported". Heck, I study these areas and don't know about it - it's basically a checkbox item that no one is supposed to use or something...
  My iBook has IPv6 options installed by default. If I want to play around with it, I've already seen it, and all I would have to do is find some ISP that would give me an IPv6 IP (those are available for free actually, don't remember the link though).
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
16. Re:You CAN have IPv4 and IPv6 on the same network. by freakmn · 2005-07-02 07:32 · Score: 1
  
  I haven't used a Mac in quite some time, so I was unaware that they had gone that far in supporting it. I don't call that well-supported, either. I was under the assumption that there wasn't a major operating system that installed IPv6 by default. Before others jump on me, I am not excluding Linux as a major operating system, just that not all distros support it by default. Anyway, thanks for the info on the iBook. Do you happen to know when this was introduced?
  
  Also, not to be a jerk, but it was intentional that I basically stated your point, which is why I said that I agree.
  
  --
  warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
17. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 07:49 · Score: 1
  
  Ah, so nice it can be on /. sometimes, in the end we all agree, love, peace and elvis... :)
  About Mac support for IPv6: I don't really remember (and as it seems I wasn't even a Mac user then), but I've found screenshots on the net showing the button for the IPv6 settings at least in Panther screenshots, so at least 1.5 years or something. The only screenshot I've found of the Jaguar network settings didn't have it, so presumably it was introduced with Panther.
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
18. Re:You CAN have IPv4 and IPv6 on the same network. by freakmn · 2005-07-02 07:55 · Score: 1
  
  I understand the confusion that may occur. It seems that most of the time, the only people that reply to you do so to flame you, correct you, or disagree with you. It's pretty sad, actually.
  
  --
  warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
19. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 08:10 · Score: 1
  
  Well, I don't mind that much. I was partly wrong about Windows at least. I thought there wasn't any support at all, not even at this basic level I've been told over and over again. :)
  And I should be studying, exams in a couple of weeks - so I'm really grateful for having something keeping me off-focus so I don't have to think about it. :)
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
20. Re:You CAN have IPv4 and IPv6 on the same network. by nxtw · 2005-07-02 14:08 · Score: 1
  
  I really don't like it when IPv6 is enabled by default. I usually end up deleting the ipv6 module in Linux, just so it stays out of my goddamn way. I have no plans on using it anytime soon, and I find IPv6 addresses in ifconfig annoying.
21. Re:You CAN have IPv4 and IPv6 on the same network. by asit+ler · 2005-07-02 17:42 · Score: 1
  
  Actually, Wind'ohs can be had with IPv6 support. Windows eXtra Problems has an MS-sanctioned IPv6 implementation, even though it is "intended for development use and trial network deployments" (http://www.ipv6.org/impl/windows.html)
  
  Windows 2000BC can have IPv6... with a MS-sanctioned add-on designed by Microsoft Research... Which in itself rings a big warning light, because if Microsoft considers something beta software, it must be even more unstable than their OSes.
  
  Users of Windows 95-98 and assumably ME and NT4.0 can use Trumpet Software's Winsock v5.0 to connect, using IPv6-aware applications, via IPv6. This is not a very neat way of doing it however, and I do not recommend it, as Winsock is primarily a modem dialer (I personally used it back in the Windows 3.1 days to connect to my ISP via a 14.4 modem)
  
  --
  This is not the sig you're looking for.
22. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-02 21:31 · Score: 1, Informative
  
  As I've written to all others that just answered the same thing - I STILL DON'T CONSIDER THAT WELL-SUPPORTED. Damnit. Supported, yes, but well-suppported, hell no. You said it yourself: "intended for development use and trial network deployments".
  In Mac OS X there is a settings window that I can use - so even my computer-illiterate dad could use it (if some one explained the options at least). It's also considered stable. It's been there since 10.3 as far as I know. THAT is what I call well-supported.
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
23. Re:You CAN have IPv4 and IPv6 on the same network. by asit+ler · 2005-07-03 14:30 · Score: 1
  
  If you'd actually, god forbid, read my reply, you'd see that I essentially said that beta implementations of a proven-stable protocol are quite useless, and in fact, I wasn't disagreeing with you.
  
  In Linux, there's a small modification I can make to the initialization script on my OpenWRT-firmware WRT54G router. It enables my IPv6 tunnel to he.net. After that, it's a simple matter of turning on radvd on the router, and presto! All my Linux machines, and assumably any *BSD machines I don't know about having, are using IPv6.
  
  I'm curious to know if MacOS X supports radvd broadcasting as well.
  
  --
  This is not the sig you're looking for.
24. Re:You CAN have IPv4 and IPv6 on the same network. by TERdON · 2005-07-03 21:48 · Score: 1
  
  Ah, didn't mean to be meen and ignorant. Sorry. Just about everybody has said "Windows does do IPv6" with respect to those drivers already (assuming they meant IPv6 was well-supported), and I read your comment just as the others were written...
  About radvd broadcasting - sorry, I don't know for sure. I haven't played around with IPv6 yet. I don't know about any reason for it NOT to work though - if it works under the other *nices I can't understand why it shouldn't work on OS X (which basically is a really rebuilt *BSD with lots of blingbling).
  
  --
  I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
25. Re:You CAN have IPv4 and IPv6 on the same network. by Bake · 2005-07-04 11:48 · Score: 1
  
  Once IPv6 support has been installed on XP, it plays nice with radvd broadcasting.
Another GOSIP? by isdnip · 2005-07-02 04:01 · Score: 4, Interesting

I'm old enough to have lived through the GOSIP debacle two decades ago. I see a replay.

GOSIP (Government OSI Profile, and the acronym was used separately by the US and UK) was a requirement to implement the OSI protocol stack by some date in the 1980s. It was a procurement requirement: Every system bought by the feds as of a certain date had to have OSI. Unless it got a waiver.

Some people took this to mean that the government would transition from TCP/IP to OSI by then. And this would lead the world to OSI. And so they invested heavily in OSI. (Remember DEC?) Come to think of it, the way the lead story is written here, you get the same impression, that by 2008 the feds really will be using IPv6.

But that's not what GOSIP meant. It meant that the equipment had to have OSI available, not that the government would actually use it. Having OSI was a checklist item. And eventually it got discarded, because nobody would actually use it; TCP/IP did the job well enough, and some of the early OSI implementations were, to be polite, a pile of crap. But a pile of crap still meets the checklist for an option that won't be used!

IPv6 is somewhat dumber, protocol-wise, than OSI. It has been around for well over a decade, solving non-problems with non-solutions, ignoring problems of the public Internet that developed since then, while promising higher overhead, obsolesence of equipment, difficult management and transtion, and more money for Cisco. So unless you're Cisco, there's no reason to go there. And nobody is going there.

Microsoft will meet the checkoff, as will other vendors, but I predict that in 2009, IPv6 will still see little use, even by the feds. Perhaps if we're lucky somebody will be talking about really fixing the problems in the current protocol stack, rather than going with a hack that was created for internal political reasons at IETF before the Internet was even open to the public.
1. Re:Another GOSIP? by Anonymous Coward · 2005-07-02 08:40 · Score: 0
  
  For that matter, soes anyone remember Ada? For those to young to remember, there was a time in the '80s when every procurement program in DoD was supposed to transition to Ada-based software from whatever they were using within a few years. It took three presidential administrations trying to implement this, then realizing it was a bad idea, before it was finally given up as the stupid idea that it always was.
  
  My favorite ;-) Ada application was a communications software suite for a command and control system we were working on. It implemented the complete OSI stack in Ada. It was slow, buggy, and took forever to compile. Two of us created a replacement for it in a matter of months, which of course was rejected because it was written in C.
Testing Community by Anonymous Coward · 2005-07-02 04:02 · Score: 0

Even thought the current goal is for the government to switch over to IPv6 by FY08, the testing community within the military are already starting to see systems that use IPv6.
Before the military purchases anything, it has to be first tested. The main goal of testing is to make sure that the system does what the vendor claims it does. There are entire organizations within the military that do nothing more then test new systems before they are purchased.

When a new system has a computer and is attached to a network, the computer security of that system has to be tested. This includes doing a vulnerability assessment and in some cases, penetration testing.

Unfortunately, there's not much out there that can be used to do a vulnerability assessment or penetration test against an IPv6 system or network. Nmap supports IPv6, but not much else. This presentation does list a number of tools and their status for support of IPv6:

http://www.google.com/url?sa=U&start=2&q=http://ww w.hacksonville.org/presos/ipv6_attack_tools.pdf&e= 10053

Commercial vendors of vulnerability scanners all claim that IPv6 support is on their TODO list.
LOL; NICE; by eh0d+is+my+daddy · 2005-07-02 04:10 · Score: -1

You just kicked cdbee's teeth in so hard that they look even WORSE than a regular english person's teeth. that's right, FUCK YOU CDBEE!

--
eh0d is EVERYBODYS daddy now. TekMonkey (649444): Can a moderator or admin ban this guy? Just look at his record.
For maybe the 3rd time in 4+ years by Glowing+Fish · 2005-07-02 04:38 · Score: 1, Offtopic

For maybe the 3rd time in 4+ years, I've seen an article about something the Bush Administration planned to do and thought "Hey! Thats a good idea!"

--
Hopefully I didn't put any [] around my words.
Re:This will mimic the "success" of the OSI model by HermanAB · 2005-07-02 04:55 · Score: 1

Oh, yeah - I actually studied the schtooopidttt OSI model at university. Who woulda thunk that a simple three layer protocol would take the world by storm?

--
Oh well, what the hell...
My own address range by Midnight+Thunder · 2005-07-02 05:00 · Score: 1

One thing that I like about NAT, for my home network is that I don't need buy an address range for my own use. By having address ranges reserved for use within a NAT, by specification, I know that they are mine to manage and assign, without having to refer to an external authority.

Of course I don't know enough about IPv6 to say that it doesn't provide an equivalent solution. What I am saying is that I have not seen anything about an alternative yet. If you know anything about an IPv6 equivalent to an internal address range, then I would love to hear about it.

--
Jumpstart the tartan drive.
1. Re:My own address range by Anonymous Coward · 2005-07-02 15:41 · Score: 0
  
  well, with ipv6 you are assigned a so called site prefix. this is a 48bit prefix that could change if you moved to another provider. however, ipv6 with autoconfiguration is designed so that nodes can ask for a router on their link that tells them the current prefix. you'd be only worrying about the other 80 bits.
  
  and to make renumbering as easy as possible, you always get a site prefix of 48 bits which supports 65536 subnets of 64 bits. this means the righthand 80 bits of your addresses would not change, only the site prefix. and this one is configured at your border router.
  
  in a loose sense, it is equivalent to having a fixed rfc1918 network behind a dynamic external address. just the nat would go away.
Let's see here.... by Anonymous Coward · 2005-07-02 05:11 · Score: 0

From the article: "While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located..

weapons of mass destruction, IPv6 technologies, misappropriated credit card numbers. Funny, the govt has NO TROUBLE finding me to collect taxes.
YA USGov computer mandate that will be ignored by MisterSSL · 2005-07-02 05:54 · Score: 1

The US Federal government has a long history of imposing on itself mandates
for new computer technology, mandates that are ignored and never enforced.
They all set a date after which every agency may buy only computer equipment
or software that contains some new not-yet-mainstream technology.
The dates come and go, and agencies continue to buy what works for them.

Examples:
1979: mandated no more RS-232, only RS-449, for modems and computers that
connect to modems. Today: have you ever HEARD of RS-449?

1989: mandated every new computer that communicates with other computers must
use OSI protocols. Today: TCP/IP rules.

2000: mandated end of use of RSA (the PKCS#1 form used in SSL) by August 2001,
and the adoption of a new form of RSA (ANSI X9.31). Today, PKCS#1 rules.
The standards bodies haven't even considered switching.

2005: mandate IPv6 by June 2008. We'll see.
assigned IPv6 addresses will work by free2 · 2005-07-02 06:00 · Score: 1

Regardless of the RFCs, some Governments and/or some major ISPs will be able to assign a permanent IPv6 address to each person. And though it will have nothing to do with your actual MAC address, it will work. And if you try to connect to your ISP with a different address, it will be completely blocked by the ISP firewall.
1. Re:assigned IPv6 addresses will work by boneshintai · 2005-07-02 08:57 · Score: 1
  
  Do you have any idea what the routing headaches to make that happen would be like? At all? I can't imagine ISPs and backbone providers simply rolling over and soaking the cost, which in turn makes such a bill more expensive to push through and less popular with politicians.
2. Re:assigned IPv6 addresses will work by Anonymous Coward · 2005-07-02 15:53 · Score: 0
  
  of course thats why fixed whole-128bit-addresses are nonsense. the 48bit site prefix is supposed to be isp-bound. the rest are free for you to assign at your "site". if you move to the next isp, your site prefix changes while the other 80 bit stay fixed and also dont change in size.
Serious Adoption Problems by Anonymous Coward · 2005-07-02 06:06 · Score: 0

I was looking at my SOHO router's MAC filtering table the other day and I was shocked at just how many addresses I had recorded in there over a 2 year period... I had filled up the 32 address table completely, between things like my PDAs, vbrick, PVR, serveral computers, laptops, web cams, etc. I'm no uber geek, but if I'm already into a /26, I can just imagine what other people are up to. ...and all of this was behind NAT and off of my primary "production" network ( 6 IP address subnet connected via 100mbps fiber).

Now it occurs to me that that only reason I'd actually *SWITCH* to IPv6 is if I could save some money some how. Having everything on a globally reachable IP address would be nice, but I would want portablity between ISPs and essentially anonymous assignment of the address space for life.

Until that happens, I'm taking whatever the cheapest ISP is slagging off on consumers for the next 6 months... and that means IPv4
ipsec doesn't provide the most security by toppk · 2005-07-02 06:41 · Score: 1

what will though is the fact no one can connect to an ipv6 address..
The whole thing is absurd. by Mattintosh · 2005-07-02 07:30 · Score: 2, Informative

I just read through way too much drivel about IPv6 vs. NAT just now.

Here's the way things really should go. There are two possibilities, and they're not mutually exclusive.

1) For mobile devices:

Mobile devices should be addressed by a hardware address. This hardware address shouldn't be tied directly to the device, however, as mobile devices can be broken or lost easily. This is do-able right now with SIM cards. They have a SIM ID that could be used in place of an outdated phone number system. (Let's face it, POTS is ancient and crufty, and so are its numbering systems.) If you drop your cell phone and break it, move the SIM card to the new one.

One thing to watch out for here, though: All cell phones must use the same protocols, and all cell providers must use the same protocols. This ends their convenient lock-in semi-monopolies on their customers. This is a practice that isn't going to end without a fight.

2) Wired devices:

Wired devices should use an assigned address. IPv4-style 4-octet addresses are fine. But the arrangement needs to be a bit more logical. They need to be arranged in a hierarchy. From 0.0.0.2 to 255.255.255.255, every address should be valid. 0.0.0.0 should be reserved as a null address (duh) and 0.0.0.1 should be the localhost address (or "self" or "this" or "me"). Any other address can be a node. Any node can serve as a gateway to a COMPLETE subnet.

So if I want to reach grandma's wired VoIP phone, her number is "233.67.94.199::0.0.0.2". A phone keypad wouldn't have to be changed, as you could use * for . and # for :: when dialing, so the above number would be dialed as "233*67*94*199#0*0*0*2". And if I wanted to connect to her webserver, I'd point my browser at "233.67.94.199::0.0.0.3".

And there would, with only a two-level hierarchy, be more addresses than IPv6 offers(*). With more levels in that hierarchy, there would be no such thing as an address shortage. And to top it all off, I'm guessing the top-level routing equipment wouldn't have to be substantially changed. It's still just routing from one IPv4 address to another. The gateways would all have to change, though.

Notice another thing about this IPv4^n idea: Hierarchical NAT bypass. Notice how it resembles a C++ (and copycats) scope-resolution operator and how it resolves the scope of the actual device address and how it could easily be extended to multiple levels beyond what I've suggested.

(*)If you don't believe me, do the math:

IPv6:
2^128 = 3.402823669e38

IPv4^2 (IPv4-sqared)
32^32 = 1.461501637e48

IPv4^3 (x.x.x.x :: x.x.x.x :: x.x.x.x)
32^32^32 = 1.461501637e1536

With those IPv4^n address spaces, you have to remember that you don't get quite that many addresses, as you lose 0.0.0.0 and 0.0.0.1 from each range and subrange. In IPv4^2, you lose 8-billion-something addresses - 2 main-range addresses plus 2 addresses from each of the 4-billion-something-minus-two subranges. That's a trivial loss in the scope of this scheme, and yet is almost twice as many addresses as we have available right now.
1. Re:The whole thing is absurd. by Anonymous Coward · 2005-07-02 08:33 · Score: 0
  
  Um... that's just 2^64 not 32^32...
2. Re:The whole thing is absurd. by Mattintosh · 2005-07-02 11:46 · Score: 1
  
  Ack! Phooey. Here I thought I had magically invented numbers that didn't exist before. But you're right. It's 2^32*2, not 32^32.
  
  The remaining points still stand, however. It would be trivial for organizations that need more address space to simply make another subnet.
  
  And I later thought of something that would allow easier-to-remember numbers (though it's not completely perfect, since lazy people would still have to make an effort to remember something). Break it into 16-bit chunks. instead of "19.128.77.198::0.0.0.2" put "4992.19910::0.2". Or start issuing phone numbers like "1380.4dc6::0.2" and see how fast people learn hex. It's not like most people remember numbers these days anyway. They just program them into their phones.
IPv6 Used in telecom all the time... by Anonymous Coward · 2005-07-02 08:23 · Score: 0

In telecom it is used all the time. I work day in, day out on a 3G network product that uses IPv6, even for its internal communications between sub-units.
traffic = adoption by Danathar · 2005-07-02 10:10 · Score: 1

If there was more traffic on IPv6 enabled networks like Internet2 we would definitely see more apps written for it (chicken and the egg problem).

What I would really like to see is Azureus written to support Ipv6 without any additional work for the user. I would imagine IPv6 on Internet2 would explode if Azureus had IPv6 support. This would be a good thing because the increased traffic would test v6 code more significantly than now (among other things).
China already uses ipv6, could this have influence by v3xt0r · 2005-07-02 11:37 · Score: 0

???

The more we hand private sector technology development jobs oversea's, the more and more our technologies will become obsolete, which will assure our own demise.

--
the only permanence in existence, is the impermanence of existence.
That is typical by glitch23 · 2005-07-02 13:15 · Score: 0

While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located..

Sounds like the typical US gov't to me.

--
this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
Cisco better fix EIGRP by DoubleW · 2005-07-02 15:02 · Score: 1

Cisco better fix EIGRP quick....it doesn't work with IPV6
The threshold by mnmn · 2005-07-02 15:07 · Score: 1

I dont know of the DoD, but some organizations will have to simultaneously use ipv6 to push the rest of the net over the hill.

Specifically the carriers (sprint, bell etc), the ISPs and the most popular websites like google should use the protocol.

If certain ISPs provide ipv6-only addresses, that will be a force.

This is best achieved if a government uses ipv4-only tax, but setting a tax on the Internet is a bad precedent anyway. Another idea is ARIN stopping to provide IPv4 addresses, forcing the use of ipv6, while some of the bigger sites simultaneously use it too.

Its a bit like the bringing about of communism, it'll take a forceful revolution, cant do it gradually.

--
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
IPV6 or ITV6 by belmolis · 2005-07-02 17:43 · Score: 0, Troll

I think that the only reason the White House is pushing this so hard is that Bush thought they were talking about a TV station.
permanent IPv4 adresses do exist today by free2 · 2005-07-02 18:58 · Score: 1

Do you have any idea what the routing headaches to make that happen would be like?
You must be talking about lifelong IPv6 addresses.
They are not needed to break anonymity.People who want to be anonymous can have big problems now with ISP that only offer permanent IPv4 address (yes they do exist, most of them in western countries, especially europe).
And by the way, offering a permanent IPv4 address is not technically difficult. Firewalling all other IP adresses from using the same link is not difficult either.
1. Re:permanent IPv4 adresses do exist today by boneshintai · 2005-07-02 22:15 · Score: 1
  
  I'd love to have a rational discussion with you over this, but I feel it's a lost cause. So here's a boggled emoticon:
  
  o_O
2. Re:permanent IPv4 adresses do exist today by free2 · 2005-07-03 00:46 · Score: 1
  
  Try me. My above message was rational (and based on known facts) _o/
A bipedal fox: by Hartree · 2005-07-03 14:01 · Score: 1

Interesting screen name. Do I know you?
1. Re:A bipedal fox: by TwoTailedFox · 2005-07-04 01:08 · Score: 0
  
  Depends.
  
  --
  ~The TwoTailedFox posts again....
2. Re:A bipedal fox: by Hartree · 2005-07-04 15:35 · Score: 1
  
  Only on Tuesdays, eh?